27 May 19, 06:23
Quote:
This May, Mark Zuckerberg celebrated his 35th birthday. Congratulations! Zuckerberg did not make it to this milestone quietly, however. Instead, he faces a federal investigation looking at ways to hold him personally accountable for mismanaging users’ private data while Facebook-related scandals keep making headlines. In this post we have compiled Facebook’s 10 most prominent fails involving data misuse.
1. Cambridge Analytica: How it all began
It all started with the Cambridge Analytica scandal. Back in early 2018 we all learned for the first time with 100% certainty that the data and opinions we share across Facebook can be used by a third party without our consent. Cambridge Analytica’s harvesting of the data of 50 million Facebook users and its use of that data for political advertising shook the world, but it was only the beginning. To review those events, you can read this post.
2. Facebook tokens stolen
Half a year later, another scandal caught up with Facebook: Hijackers were able to exploit several vulnerabilities in Facebook and steal the access tokens (which are basically an equivalent of digital keys that keep people logged in) of millions of Facebook users.
In total, 30 million users had their tokens stolen. For 15 million, malefactors accessed their names and contact details. In 14 million cases, the attackers were able to see more detailed info and the users’ Facebook activities. For the remaining 1 million, the hijackers did not access any information. That was when Facebook users learned that Facebook is not impregnable and that their accounts could be stolen en masse without them doing anything wrong.
3. Facebook and Instagram passwords exposed
If 30 million wasn’t enough, another incident came along involving hundreds of millions of Facebook and Instagram users. In early 2019, Facebook made us aware that its internal processes related to user data security are far from perfect. The company admitted it was storing part of the passwords for Facebook and Instagram accounts in plain text. They insisted these passwords were visible to employees only and that no one abused their access permissions.
At this point, the exact number of affected users has not been disclosed. First, the company commented that the problem involved hundreds of millions of Facebook Lite users, tens of millions of regular Facebook users, and tens of thousands of Instagram users. One month later, it amended its comment to say the issue (now patched) affected not tens of thousands, but millions of Instagram users.
4. Instagram passwords exposed again
Actually, that was not the first time Instagram users learned they could’ve had their passwords leaked. Several months earlier, Instagram’s “Download Your Data” feature was discovered to contain a security flaw (now patched) that could have inadvertently exposed some Instagram passwords. If someone submitted their login information to use the feature, their password was included in a URL in their Web browsers and — again — stored on Facebook’s servers in plain text.
5. Facebook requested e-mail passwords and scraped contacts
Facebook scraped the e-mail contacts of 1.5 million users without their consent. Wait, it’s actually a bit more complicated than that. Here’s the story: Facebook was asking a subset of newcomers to verify their identities by providing passwords to their e-mail accounts. When the news broke, many thought it was an April Fool’s joke; no savvy Internet surfer could even imagine granting a third party access to their e-mail communications. Unfortunately, it was not a joke. And many fell for it.
Facebook insisted it didn’t access the contents of the users’ e-mails, just — unintentionally — scooped up their e-mail contacts. In total, the address books of 1.5 million users have been harvested. But given that people’s contact lists may have hundreds of contacts, the final number of those whose contact details were obtained this way may well be in the tens of millions. The company says it used the data to improve ad targeting, build Facebook’s web of social connections, and recommend new friends to users.