Facebook was established in 2004. Today, 2.27 billion individuals use the social network each month. Facebook is supposed to protect the personal information of these users. The bad news is Facebook has a lengthy history of security failings and data breaches. During the last thirteen years, the personal data of two billion users has been compromised. Facebook is being targeted by cybercriminals and hackers. This is due to their concept of privacy and security. Facebook has established a reputation for neglecting their users’ privacy and data security.
Timeline of Facebook Data Breaches or Security Vulnerabilities
December 2005 – Scraping Data from Facebook
A script was published by a research team from MIT, which demonstrated the privacy threats associated with over-sharing. Downloading user data from the network was possible. The research team acquired personal data from Facebook for 70,000 profiles and then posted that data online. The argument was similar activities are performed by businesses.
December 2007 – Facebook Beacon
Facebook Beacon was a new product released by Facebook in 2007. This idea was to assist advertisers in understanding their audience better. Beacon enabled advertisers to track people’s movements on other websites. Facebook profiles were extended for this reason. Beacon violated the American Video Privacy Protection Act. The users impacted filed a class-action lawsuit against Facebook. Facebook settled for $9.5 million.
December 2009 – Facebook Makes Private Information Public
Information that users had marked as private was publicly published by Facebook. Facebook was forced to apologize after an investigation from the Federal Trade Commission. Facebook promised to improve the protection and management of personal data. Which is ironic because today, nearly 10 years later Facebook is still dealing with the same issues.
June 2013 – Sharing Contact Information Without Consent
An announcement was made by Facebook regarding the discovery of a bug which allowed users to download contact information without other users’ permission. This information was obtained from friends of friends. The official estimate was personal information was taken from up to six million people.
February 2014 – Cambridge Analytica
Facebook’s Cambridge Analytica scandal involved an app that volunteers were asked to install. The name of the data-collection app was This Is Your Digital Life. Information from user profiles, including private messages, friend lists and likes, was downloaded by the app.
Even though the terms of service established by Facebook were violated, the app was not removed until December of 2015. By this point in time, Cambridge Analytica had harvested the profiles of 87 million users. They were ready to use this information for activities related to marketing and to spread phony news stories. The Information Commissioner for the United Kingdom had already fined Facebook £500,000. This issue is still being investigated in the United States.
April 2018 – Search Vulnerability
In April 2018, Facebook was forced to make the announcement that malicious actors had used their search function to harvest public profile data for the majority of Facebook’s user base. Third parties collected the data for nearly two billion users without permission.
June 2018 – Facebook Secret Agreements
The secret agreements between numerous smartphone manufacturers and Facebook were uncovered by journalists. Microsoft, Samsung, Apple, Lenovo and Huawei were some of the manufacturers provided with personal access to the data of the owners of the phones and their friends in exchange for making Facebook better on their devices. These friends had not given permission for their data to be shared with a third party.
July 2018 – Overridden Blocklists
Blocklists were overridden by a new bug in July 2018. For the around eight days, the users who were blocked could see personal information of users who had blocked them. This was not in accordance with the wishes of the individuals holding the accounts.
August 2018 – Onavo Protect VPN
Onavo was a VPN service offered by Facebook. While the app’s description and marketing focused on protecting user privacy, it was actually a way for Facebook to collect user data. This app was removed due to complaints Facebook was collecting the web activity. This was in violation of the privacy rules from Apple.
Read More: Facebook’s Onavo Protect VPN Collects Data Even When Turned Off
September 2018 – Authentication Token Issue
In September 2018, an issue with authentication tokens allowed hackers to forge these tokens to access as many as fifty million user accounts.
2009 Through 2014
Facebook made changes in early 2009 regarding their terms of service. The new agreement stated users were unable to delete their data after they had left the platform. This led to predictable public outrage. Later in 2009, the privacy settings and privacy policy were revised by Facebook. These actions resulted in a lot of personal information becoming public. A settlement was made by Facebook for privacy charges at the end of 2011 with the (FTC) Federal Trade Commission. The regulators stated Facebook made a false claim that only data that was strictly required could be accessed by the third-party apps.
The truth was almost all of the personal data from the users could be accessed by third-party apps. Facebook actually shared this information with advertisers openly. This caused a sharp decline in people’s trust of Facebook. In addition to an in-app dating service, Facebook is the owner of two additional mega apps, Instagram and WhatsApp. Many individuals fear Facebook is attempting to take over social media across the globe. The worst part is this monopolistic behavior may ensure there is nowhere else for the users to go.
The privacy practices of Facebook came under fire again in April of 2009. Facebook had used plaintext files to store passwords for millions of Facebook and Instagram accounts. Facebook told the users their passwords had not been abused or accessed in any way. However, this is still another major mark against Facebook that far exceeds privacy issues. The United Nations deemed Facebook last March as one of the contributing factors to the Myanmar ethnic cleansing. It has become certain Facebook has a lot of battles left to fight.
While Facebook is still under investigation from the FTC, the consensus is that Facebook will be have to pay a $5 billion fine for its privacy violations. This is the largest fine ever dealt by the Federal Trade Commission.
Learning from the History of Privacy Abuse Conducted by Facebook
There is no doubt Facebook has been hit with charges of privacy abuse for a long time. Mark Zuckerberg has openly admitted that there is extremely little oversight prior to the testing and deployment performed by their software engineers. It would appear the available data is the only basis for making decisions. Facebook has not emphasized privacy enough for its global user base. There have been so many breaches and data leaks experienced by users, these breaches no longer come as a surprise. There are ways to protect your personal information.
Read More: Dear Mark Zuckerberg, – Hacker Noon
You have to understand it is possible to breach any online account. One of your best options is to delete any information with the potential to cause you any harm from your accounts. You may want to consider deleting your entire Facebook account. At the very least, you should update your password regularly. Learning about the available alternatives is critical.
Google, Facebook and Quora have already demonstrated they are not trustworthy and your data may not be safe. Your best options are platforms using a system for decentralized identity management. Your data will be safe from the major data breaches because the storage is local. Another option is (SSI) Self-Sovereign Identity system. This enables you to continue to own your data. This also decreases the risk of your data being shared publicly.
Recent Facebook Breach
Facebook announced a massive data breach occurring in late 2018. Hackers were able to access approximately 29 million personal accounts. In nearly fifty percent of these instances, the hackers were able to view a portion of user search history, the area the individual lives and his or her relationship status. This information was not revealed until after Facebook informed users that somewhere between fifty and ninety million accounts had been potentially compromised. On Friday, September 29th, 2018, every single user had no choice but to log out and change their passwords.
Facebook published a blog post prior to the announcement of the breach. They stated a vulnerability at their core had been identified despite remaining unnoticed in the past. This enabled hackers to steal the access tokens of the users. This means the hackers were able to remain logged into the platform for as long as several months at a time. According to CNN, an active investigation is underway by the (FBI) Federal Bureau of Investigation.
Guy Rosen, one of the Vice Presidents of the company stated Facebook employees had been asked by the FBI not to talk about any of the details that could potentially compromise the investigation into the cyber-attack including who they believe may have been responsible. According to the latest information, hackers were able to view the email addresses and phone numbers of 29 million users. Biographical information could also be seen including work, education, the current city, the people the individual follows, the past fifteen searches and the last ten places in which they were tagged. Fourteen million searches were seen.
This is just one more example showing when you share your private information online, it may become public knowledge. All of the hacks and data breaches has people wondering how well their data is being protected by Facebook.
The Security System Controversy
Earlier in the year, there was a controversy regarding Facebook. This was in reference to the security systems impacted by the Cambridge Analytica data breach. Approximately 87 million accounts were affected. At the time, Mark Zuckerberg made a statement on behalf of Facebook. He admitted Facebook had a responsibility to protect the data of their users. He said if they were unable to do so, they deserved to lose the right to serve their customers. According to the blog post written by Rosen, the security and privacy of every individual is important. He apologized for everything that happened.
Due to the impact of the most recent data breach, numerous individuals are starting to question the influence and role Silicon Valley has on politics. Questions are being raised as to whether or not Facebook can use their power over their users responsibly. Facebook’s practices have involved frequent data breaches, targeted ads and fake news. All of this has had a major impact on the entire world.
Read More: Is Regulation The Only Way Forward For Big Tech?
Data Breaches
Data breaches do not just happen in the United States, even though this is where most of the biggest data breaches have occurred. The regulations and laws of the United States have forced numerous organizations to admit they have experienced data breaches linked to their customers. This does not happen in every country. The Data Protection Act has become the most important legislation in the United Kingdom. Organizations are now concerned about being fined by the (ICO) Information Commissioner. The General Data Protection Regulation is now active throughout the (EU) European Union.
When a business does not protect their customers or disclose a data breach, they can be subjected to tremendous fines. The dark web is being used to purchase and sell information for a substantial amount of money. Millions are being made from breaches including data and credit card information. Data breaches have occurred all over the world.
Remaining Safe on Facebook
If you are using Facebook, you need to check your security and privacy settings on a regular basis. Make certain you are using the tools necessary to protect your personal information. The question you need to ask is if Facebook is offering enough benefits to balance out the risks for your safety online. If you have been watching the news, you are already aware of the poor earnings reports, breaches and numerous leaks reported in 2018. More than $120 billion was lost by Facebook in market cap. The number of users in Europe shrank considerably. This is the reason the basis for the biggest advertising campaign Facebook ever ran, which was “We’re sorry.”
Read More: 98 Things Facebook is Tracking About You (and Everyone Else)