At the time of writing, Facebook is on the verge of launching its own currency, Libra – no doubt with some (ironic) allusion to ‘liberation’. There are many questions around this global transaction platform, which is being championed by one of the most prolific collectors of user data. After all, Facebook security is mired in controversy when it comes to data privacy and data protection.
There was once just a wall, remember?
Facebook has long since evolved from a wall where you posted snippets and pictures into a full-fledged digital ecosystem. Today it is a digital advertising behemoth, pursuing cutting-edge Artificial Intelligence development, pioneering internet connectivity, enabling transactions and much more.
There are over 2 billion users on Facebook, contributing personal information and behavioural data. Unfortunately, Facebook has also been at the centre of more breaches and data scandals than one can keep track of.
In this article, we look at some of the more defining Facebook security scandals, and the lessons that should be learnt from them.
The Facebook ‘Like’ (2011)
There was a time when security scandals involving Facebook were relatively ‘simple’, like the ‘Like’ button tracking users across websites, even when they were not logged into Facebook. You didn’t need a Facebook account to be tracked either.
Lesson: Clear your browser’s cookies frequently to limit tracking. Consider browsing intrusive sites in private tabs as well.
Collecting call history and text message logs (2015)
Technically, this came to light in 2018. Until about 2015, Facebook was able to make complete records of all phone calls and SMS messages sent and received on phones running the Android operating system. It is unclear if this affected only those who had downloaded Facebook’s app, or anyone who used Facebook on their phone.
Lesson: Limit the access privileges you grant to apps, including those of social media platforms. It is highly advisable that you do not install such software on your business device. Avoid visiting social media platforms on your business device.
Harvesting users’ email contacts (2016)
For a time Facebook allowed users to verify their accounts using their email credentials. As a result, the company was able to retain copies of email address books from 1.5 million users’ email accounts. Facebook confirmed as much, shortly after it shuttered this verification method in 2018.
Lesson: Avoid intertwining your email, social media and other accounts as much as possible. Avoid using business email addresses to create accounts on public platforms such as social media.
So staggering is the scale of Facebook that data breaches and mishandling of data encompass millions of users around the world.
Third parties are given access to private photos (2018)
Another blow to Facebook security came when it was found that more than 6 million users’ private photos had been shared with third parties. Hundreds of developers who had built Facebook apps had been given access to these.
Lesson: It cannot be stressed enough that private, confidential or commercially valuable information should never be shared on social media. One cannot be certain of how that information can be accessed, by whom, and how it can be used.
Cambridge Analytica (2018)
Facebook selling data pertaining to more than 80 million users became a widely debated topic. As much as the sale of data was bemoaned, how it was used was decried even more. It shed light on the unconsented sharing of user data with organizations that used it to profile those users. Their social interactions, contacts and preferences were used to develop tactics that may have impacted a national election.
Lesson: Read the user agreement before you accept it. You can choose to forgo the service to limit your interaction. Again, spreading your necessary digital interaction across platforms will help lessen the effectiveness of tracking.
Data breach #? (2018)
2018 was a year of revelation for shortcomings in Facebook security. The company disclosed late in 2018 a network breach that affected almost 30 million accounts. Hackers were allegedly able to capture sensitive private information, including phone numbers, recent searches, location histories and more.
Lesson: Be aware that your information could always be compromised online. It would be wise not to rely so heavily on a single platform that it acquires all of your personal information.
Passwords stored as plain text (2019)
In 2019, Facebook admitted to storing hundreds of millions of passwords as plain text on its internal systems. It goes without saying that if such a database were ever leaked, the consequences for its users could be severe.
Lesson: Change your passwords frequently and never use the same password for more than one service.
Half a billion user records stored on public servers (2019)
Third-party app developers are integral to Facebook. However, it is unclear how Facebook can keep a check on their data handling practices. One example is a digital media company that left over 500 million user records on a publicly accessible server, without a password. On a smaller scale, another app developer left much more detailed information, including photos, check-ins and more, on a public server.
Lesson: Use apps from third-party developers only if you are sure about their track record of handling data. Once you grant access to an app, you are opening up your information to intensive scrutiny, with little ability to recall it.
At Technical Action Group we know the challenges you face keeping your business information and employees safe on the internet. The prevalence of Facebook and other social media means your business and network need to be protected. Get in touch to find out how we can help.