Decoding the Facebook Privacy Breach

MSC KIIT
Apr 30, 2021


Facebook is arguably the most famous social networking site. It has helped many individuals and businesses build a brand, and it is a major source of entertainment for people around the globe. Because it is available in most parts of the world, location is no longer a barrier, and this era of social networking has made the world a small place. But have you ever wondered whether handing most of your personal data to a website is as safe as the company claims? Considering the numerous data leaks surfacing on the internet every day, the “Safety of our Personal Data” has become an essential, and often ignored, question. This blog attempts to answer it in the best possible way.

What is the Facebook Privacy Breach?

Facebook has faced a number of privacy concerns. These stem partly from the company’s revenue model that involves selling information about its users, and the loss of privacy this could entail. In addition, employers and other organizations and individuals have been known to use Facebook data for their own purposes. As a result, individuals’ identities have sometimes been compromised without their permission.

Issues during 2007

In August 2007, the code used to generate Facebook’s home and search page as visitors browse the site was accidentally made public. A configuration problem on a Facebook server caused the PHP code to be displayed instead of the web page the code should have created, raising concerns about how secure private data on the site was. A visitor to the site copied, published and later removed the code from his web forum, claiming he had been served and threatened with a legal notice by Facebook. Facebook’s response was quoted by the site that broke the story as:

“A small fraction of the code that displays Facebook web pages was exposed to a small number of users due to a single misconfigured web server that was fixed immediately. It was not a security breach and did not compromise user data in any way. Because the code that was released powers only Facebook user interface, it offers no useful insight into the inner workings of Facebook. The reprinting of this code violates several laws and we ask that people not distribute it further.”


Widening exposure of member information 2011–2012

In 2010, the Electronic Frontier Foundation identified two personal information aggregation techniques called “connections” and “instant personalization”. They demonstrated that anyone could get access to information saved to a Facebook profile, even if the information was not intended to be made public. A “connection” is created when a user clicks a “Like” button for a product or service, either on Facebook itself or an external site. Facebook treats such relationships as public information, and the user’s identity may be displayed on the Facebook page of the product or service.

Instant Personalization was a pilot program which shared Facebook account information with affiliated sites, such as sharing a user’s list of “liked” bands with a music website, so that when the user visits the site, their preferred music plays automatically. The EFF noted that “For users that have not opted out, Instant Personalization is instant data leakage. As soon as you visit the sites in the pilot program (Yelp, Pandora, and Microsoft Docs) the sites can access your name, your picture, your gender, your current location, your list of friends, all the Pages you have Liked — everything Facebook classifies as public information. Even if you opt out of Instant Personalization, there’s still data leakage if your friends use Instant Personalization websites — their activities can give away information about you, unless you block those applications individually.”


Inadequate privacy controls

Facebook offers privacy controls in order to allow users to choose who can view their posts: only friends, friends and friends of friends, everyone, custom. While these options exist, there are still methods by which otherwise unauthorized third parties can view a post. For example, posting a picture and marking it as only viewable by friends, but tagging someone else as appearing in that picture, causes the post to be viewable by friends of the tagged person(s).

Photos taken of people by others can be posted on Facebook without the knowledge or consent of people appearing in the image; persons may have multiple photos which feature them on Facebook without being aware of it. A study has suggested that a photo of a person which reflects poorly on them posted online can have a more harmful effect than losing a password. When commenting on a private post, the commenting user is not informed if the post they commented on is later made public — which would make their comment on said post also publicly viewable.
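The audience-widening behaviour described in the two paragraphs above, as an added Python sketch that is not part of the original article and is not Facebook's code: a toy access-control model in which a tag adds the tagged person's friends to a post's viewers, and comments inherit the post's visibility. The friendship graph and every name in it are constructed for illustration, and treating the tagged person as a viewer is an assumption.

```python
# Added illustration: toy model of the audience rules described above.
# All names (FRIENDS, Post, audience, ...) are hypothetical, not a real API.
from dataclasses import dataclass, field

# Constructed sample friendship graph (symmetric).
FRIENDS = {
    "alice": {"bob", "carol"},
    "bob": {"alice", "dave"},
    "carol": {"alice"},
    "dave": {"bob", "erin"},
    "erin": {"dave"},
}
EVERYONE = set(FRIENDS)

@dataclass
class Post:
    author: str
    setting: str                                  # "friends", "friends_of_friends", "everyone"
    tagged: set = field(default_factory=set)
    comments: dict = field(default_factory=dict)  # commenter -> text

def friends_of(user):
    return set(FRIENDS.get(user, ()))

def audience(post):
    """Users who can view the post, and therefore every comment on it."""
    if post.setting == "everyone":
        return set(EVERYONE)
    viewers = {post.author} | friends_of(post.author)
    if post.setting == "friends_of_friends":
        for friend in friends_of(post.author):
            viewers |= friends_of(friend)
    # Tagging widens the audience to the tagged person and their friends
    # (including the tagged person is an assumption of this model).
    for person in post.tagged:
        viewers |= {person} | friends_of(person)
    return viewers

def unintended_viewers(post):
    """Viewers beyond what the author's chosen setting alone would allow."""
    return audience(post) - audience(Post(post.author, post.setting))

def exposed_comments(post):
    """Map each commenter to the other users who can read their comment."""
    viewers = audience(post)
    return {commenter: viewers - {commenter} for commenter in post.comments}
```
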

Data Breach in 2021

Personal data from 533 million Facebook accounts was reportedly leaked online for free, according to security researcher Alon Gal.

The exposed data includes personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. It includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and — in some cases — email addresses. Facebook stated that this data was scraped because of a vulnerability that it had fixed in 2019.

Conclusion

To sum it all up, as advantageous and interesting as social networking sites may look, there are always some bugs or loopholes in these websites, making users and their personal data more vulnerable in this already dangerous world. Responsible and restricted use of these websites can actually help in abolishing the numerous data breaches taking place nowadays, and also make them more user-friendly.
