Top data leak scandals that shook Facebook users
Facebook has over the years become a prime target of cyber criminals. It is the top social media platform with over 2 billion users globally.Updated: Sep 29, 2018 13:38 IST
Since Cambridge Analytica data scandal earlier this year, Facebook has been under constant scrutiny over how it handles personal data of its over 1 billion users. The social networking company is now again scrambling to fix another major data breach, considered to be one of the biggest in Facebook’s history.
The latest security breach discovered earlier this week exploited vulnerabilities in Facebook’s “View As” codes, giving cyber criminals access to user accounts. The breach is said to have affected almost 50 million accounts. The social media giant is still investigating the full extent the breach.
Facebook which has remained the top social networking platform over the years has also been a prime target of cyber criminals.
“We face constant attacks from people who want to take over accounts or steal information around the world. While I’m glad we found this, fixed the vulnerability, and secured the accounts that may be at risk, the reality is we need to continue developing new tools to prevent this from happening in the first place,” said Facebook CEO Mark Zuckerberg in a post on Friday.
Thanks to advanced firewalls and crowd-sourced bug bounty programmes, Facebook manages to keep most of the hackers at bay. But those cracking Facebook codes end up causing major panic, considering the volume of data available on the platform.
Let’s take a look at the top security breaches Facebook faced over the years.
Year-long data breach in 2013
In what may have been Facebook’s first publicised major security breach, the social networking giant in June 2013 confirmed it had inadvertently exposed sensitive data of almost 6 million users, including phone numbers and email addresses.
Facebook disclosed that the leaks started in 2012 due to a bug in its archives that stored contact information of its users. Fortunately, the bug had limited impact and was fixed as soon as the company identified it.
Cambridge Analytica Data Scandal
UK-based data mining firm Cambridge Analytica earlier this year was caught harvesting data of more than 80 million users without their consent through a personality test app. Facebook said the data leak affected users mostly in the US but did confirm over 500,000 users in India were also impacted.
Aimed at influencing US presidential elections, the data mining firm used an app called “This is Your Digital Life” in 2014.
After the disclosure, Facebook revamped its user interface to give more prominence to privacy and security to give users more control over their data and what should be shared with the company.
The company and founder Mark Zuckerberg have remained under wide scrutiny over how Facebook handles private data of billion users on its platform.
Tracking users after logging out
Facebook had long been suspected of tracking users, even when they’re not using the application. Back in 2017, a UK court dismissed a lawsuit against Facebook for allegedly tracking users even after they had logged out. But earlier this year, Facebook asserted it did track users’ activity offline.
“When you visit a site or app that uses our services, we receive information even if you’re logged out or don’t have a Facebook account,” David Baser, a product management director, wrote in a blog post following Mark Zuckeberg’s testimony in US Senate. “This is because other apps and sites don’t know who is using Facebook.”
Facebook further elaborated that it uses social plug-ins, Facebook Login buttons, Facebook Analytics, and Facebook ads and measurement tools to track its users.
Reported earlier this year, Nametests is a popular third-party website that offers a variety of quiz apps for Facebook users. These apps, however, use users’ information to give an analysis. A security researcher Inti De Ceukelaire said the third-party app had put private data of over 120 million users at risk. Facebook said it had fixed the loophole whereas Nametests’ parent company Social Sweethearts claimed no personal data was misused.
“It was reported by Inti De Ceukelaire and we worked with the app’s developer — Social Sweethearts — to address the website vulnerability he identified which could have affected Facebook information people shared with nametests.com. To be on the safe side, we revoked the access tokens for everyone on Facebook who has signed up to use this app. So people will need to re-authorise the app in order to continue using it,” Facebook said in a post.