To say that Facebook’s relationship with user privacy is tenuous would be putting it lightly. The social network has a long history of misappropriating personal information, doing everything from carrying out unauthorized experiments on its users to selling data to firms like Cambridge Analytica. It, therefore, comes as no real surprise that earlier this month, it was revealed that at some point in 2019, the private information of over 530 million users was compromised, including full names, phone numbers, email addresses, and other details about user profiles.
That’s nearly 20% of the social network’s 2.9 billion active users. And that isn’t even the worst part. As it so often seems to do, Facebook managed to take the situation from bad to worse.
Here are three of the main talking points surrounding Facebook’s recent data breach.
Facebook Refused to Notify Affected Users
As reported by NPR, Facebook has chosen not to notify any of the users who had their information compromised. In other words, if this incident has impacted you, you’re on your own. You won’t even know you’re one of the victims unless you decide to manually check through a website like Have I Been Pwned?
We’d advise entering the email and phone number associated with your Facebook account on that site, just to be safe.
The Social Network Knew About The Flaw For Years
At this point, there’s one technicality we should get out of the way. According to a blog post published by Facebook, the bad actor did not hack Facebook’s systems but rather scraped it from the platform at some point prior to 2019, thanks to a flaw in the company’s contact importer. At no point did the company apologize to affected users.
Facebook made it clear in the blog post that it addressed the issue in 2019, emphasizing that it has ‘teams’ dedicated to dealing with incidents like this. Given the current quality of Facebook’s community standards AI, that doesn’t inspire confidence. Nor does the fact that Facebook knew about this vulnerability since 2017.
“It took days for Facebook to finally acknowledge the root cause [of the incident],” reads a piece published by Wired Magazine. “But now, researchers are saying Facebook knew about similar vulnerabilities for years before that, and it could have made a far greater effort to prevent the mass scraping in the first place.”
The social network has a long history of ignoring privacy and security issues or sweeping them under the rug. What’s most surprising is that an incident of this scope didn’t happen sooner.
Facebook Messenger is Also Insecure
The social network itself isn’t the only service that’s bogged down with bad security practices. Per Forbes Magazine, the social network has announced ‘significant delays in critical security enhancements’ to Facebook Messenger in the wake of the scraping attack. To date, it is one of the only instant messaging apps on the market that doesn’t feature some form of encryption.
As if that’s not concerning enough, The Next Web reports that Facebook actively monitors conversations on the platform via ‘automated tools.’ The social network has emphasized that no human beings are listening in on conversations or voice calls. Given its history, we’re not sure we believe that.
A Series of Unfortunate Events
Time and again, Facebook has shown that it is either unwilling or incapable of treating private data with the care it deserves. Time and again, it has demonstrated a fundamental disconnect between the company and its users, from the lack of an actual support department to the rampant incontinence of its community standards algorithms. Time and again, it has shown that it cannot be trusted to act ethically and respect its users’ best interests.
The only question is how long it will be until people forget about this latest controversy and go back to using the social network as usual.