9 Times Facebook Privacy Violation Happened

Facebook privacy violation

Facebook privacy violation was always at the center of data leaks and privacy breaches over the years. They have been stories about the company and their privacy issues in the past that are a cause for concern to those who take their privacy seriously. There have been several occasions where Facebook has failed to protect customer data, and it makes you wonder why the Facebook privacy violation is always on a steep growth. There have been several instances of data leaks and recently, Facebook has been fined to the tune of $5 billion by the Federal Trade Commission (FTC). In this article, we would discuss the various instances where Facebook has failed to protect its customers and put its users at risk.

How does Facebook Privacy Violation happen?

Contact Details of 6 Million Users in June 2013

Facebook’s data problems began with this breach in 2013. They discovered that a bug existed in their system which exposed the personal data of 6 million users to unauthorized viewers

User Profiles of 14 Million Users in May 2018

Facebook had a glitch in 2018 that made ‘Public’ instead of their preferred setting. When noticed, Facebook sent a notification to users asking them to check their privacy settings and reverting to their preferred choice. If you would like to check your privacy settings, go to Settings > Privacy > Your Activity. From here you can decide who can see your posts.

Over 300 Million Users’ Data Exposed On the Dark Web in December 2019

Facebook also violated the privacy of its users at the end of 2019 as they left more than 300 million user data on the dark web for about two weeks. The data included user names, phone numbers, and also user IDs. According to security expert Bob Diachenko, the breach was likely a result of illegal scraping or Facebook API abuse.

87 Million User Records Leaked to Cambridge Analytica in 2018

The political research firm, Cambridge Analytica exploited a loophole in Facebook’s API and got personal data of over 87 million users. The leak was linked to an online quiz where over 270,000 Facebook users participated. Cambridge Analytica then got information about friends of the quiz participants and built psychological profiles of them. 

At Least 50 Million Users in September 2018

After the Cambridge Analytica attack, Facebook had another breach in the same year and it just seems Facebook keeps violating your privacy. They made a public announcement that about 50 to 90 million user accounts had been hacked. The hackers could have access to everything on the victim’s profile. Accounts of the victims on other websites that the affected users had logged into using Facebook were possibly compromised.

The reason behind the Facebook privacy violation breach was due to three bugs, and was a result of the ‘View As’ feature. This feature allowed users to view their profile in the eyes of another person.

The first bug that caused the breach made the Facebook video upload tool show up on the ‘View As’ page. The second bug allowed the video uploader to create a token, permitting the attackers to stay logged into your Facebook account. the third bug provided an access code when it appeared on the ‘View As’ mode that provided the attacker with the data they were searching for.

To solve the problem, Facebook logged out every user that was suspected to be a victim of this and asked them to log into their accounts again after resetting their password. The ‘View As’ feature was also disabled.

Passwords Violation of at Least 600 Million Users in March 2019

It was revealed by a security researcher, Brian Krebs that Facebook violated your privacy by storing your password in plain text. This lack of encryption takes away your privacy as any staff could get their hands on the password. Some of the passwords were from 2012.

Facebook made a statement that the passwords were only visible to employees, and were never improperly accessed or abused.

Records of 540 Million Users in April 2019

After Kreb’s revelation, Facebook suffered another leak. Third-party app developers allowed millions of records on public cloud servers. Nobody knows if the data was accessed by unauthorized persons, but the data was immediately removed after Facebook found this out.

Email Contact Lists Privacy Violation of 1.5 Million Users in April 2019

Facebook admitted that it had unknowingly copied the address books of about 1.5 million users without their permission. They had asked that new users provide the password to their email accounts and went on to upload their contacts to their servers. This had been on for almost three years before Facebook put an end to the process.

Phone Numbers of 419 Million Users in September 2019

In September 2019, Facebook violated the privacy of its users by leaving the phone numbers of its users on a public server. Those affected were basically from the US, the UK, and Vietnam. The exposed data also included the users’ Facebook IDs. Some of them had the name, gender, and country of the user as well.

New Order Requirement to Facebook by FTC on Facebook privacy violation

The Federal Trade Commission has put new orders in place to help prevent Facebook from violating the privacy of its users in the future. The new order established an independent committee in charge of privacy and took away the complete control of decisions about user privacy from the Facebook CEO. The privacy committee members are independent, and every appointment is by nomination.

The order also requests compliance officers to be in charge of Facebook’s privacy program. The compliance officers would be under the board privacy committee and can be fired only by that committee. Both the compliance officers and the CEO, Mark Zuckerberg must submit to both quarterly and annual certifications to show that the company complies with the order. False certifications would attract penalties.

FTC’s order also makes provision for an external assessor’s validation on the privacy culture of Facebook. The assessor must evaluate Facebook’s privacy program through fact-gathering, sampling, and testing. Facebook is also prohibited from presenting any false representations to the assessor. The assessor would be independent and reports only to the privacy board committee quarterly.

Other privacy requirements to Facebook includes:

  • Facebook has been prohibited from using telephone numbers gotten for other purposes for advertising
  • Facebook must have a comprehensive data security program
  • Facebook must exercise great oversight over third-party apps. This includes terminating the appointments of those that don’t certify their compliance with Facebook’s policies
  • Facebook must encrypt user password rather than in plain text to increase privacy and enhance security
  • When face recognition technology was used, Facebook must provide clear notice and get user consent first
  • Facebook is prohibited from obtaining email passwords from its users when signing up for its services

Conclusion

Facebook violates your privacy in various ways as have been seen in the series of data breaches they have suffered over the years. These breaches have the potential of putting users in danger especially in the wrong hands, so what can be done? Avoid uploading personal data about yourself on Facebook, and also restrain from sharing sensitive data on the platform. If you must share data, do so using an encrypted channel such as a VPN. LimeVPN is a great choice to use as they offer you great security and privacy. Also, build the habit of changing your passwords frequently to improve your security.

Written By Neha Shelar