In the history of the Internet, no tech company may be more controversial than Facebook. Started in 2004 and initially limited to Harvard University students, Facebook quickly hit the mainstream as the premier social networking site. In just a few years, it overtook older sites like MySpace and Friendster, making it the go-to social network for hundreds of millions of people. However, this massive growth has not been without controversy.
Facebook has long been criticized for its record on privacy and security. From collecting mountains of information on individuals to its involvement in state-sponsored surveillance, Facebook’s record on privacy is shaky [1]. But even though billions are skeptical of Facebook and its security practices, it’s still the most popular social network in the world. With its ownership of popular messaging app WhatsApp and photo-sharing app Instagram, Facebook has become one of the Silicon Valley giants whose main product isn’t a product or software, but the users themselves. Because of this, it is in Facebook’s best interest to collect as much information as possible from its users. While this strategy certainly lines Facebook’s pockets with oodles of advertiser cash, it forces user privacy to take a backseat and puts user security at risk. Unfortunately, in 2019, this security risk was realized for hundreds of millions of people.
In honor of Cybersecurity Awareness Month, AXEL is writing about some of the worst leaks, data breaches, and ransomware attacks in history. Check out our previous posts about Yahoo, Marriott, Equifax, and Target to learn about what went wrong, what could’ve been done, and how each company responded to devastating data breaches.
Before The Breach
In 2019, Facebook was already facing the aftermath of another massive privacy mishap, the Cambridge Analytica scandal. With Facebook’s knowledge, Cambridge Analytica, a political data analytics firm, harvested data from 87 million Facebook accounts. It then sold this information to multiple United States presidential campaigns in order to inundate potential supporters with political advertisements [2].
Following the revelations of this data thievery, Facebook CEO Mark Zuckerberg testified before Congress and took out full-page advertisements in major newspapers, vowing to “ensure this doesn’t happen again” [2]. Following an investigation, the Federal Trade Commission fined Facebook USD $5 billion, the largest fine ever levied by the United States government [3].
Put simply, Facebook was not seen in a positive light by many people. Its track record regarding data privacy had always been shaky, but this new scandal not only drew the ire of government officials, but the general public as well. After this scandal, all eyes were on Facebook to see if it would actually make changes to protect user privacy. Unfortunately, Facebook did not keep its promises for long.
The Leak
In 2019, through a vulnerability in Facebook’s code, the personal data of 533 million Facebook users was stolen [4]. Concerningly, the perpetrators of this attack did not acquire the data through hacking or phishing, but simply by finding a vulnerability that allowed users to record millions of phone numbers from Facebook’s servers. In August 2019, Facebook patched this vulnerability, but was unaware that data had been stolen. However, in April 2021, the phone numbers of the 533 million users were posted to a hacking forum. This data mainly consisted of names and phone numbers, but some email addresses and birth dates were compromised as well [4]. Even worse, the data was posted for free on a public forum, meaning that any scammer or spammer with basic computer knowledge could access it [4].
While no financial or government data, such as credit card numbers or Social Security numbers, were posted, the release of phone numbers and corresponding names was a goldmine for scammers. Primarily, these cybercriminals could use this information to send phishing scams to unsuspecting users. While the attack could have been much worse, the leak of over half a billion phone numbers directly after Facebook’s previous data scandal was not received well by the general public.
Facebook did little to quell the outrage following the leak. After the leak was publicly revealed, Facebook stressed that the leaked data was outdated (albeit by only two years) and that the security flaw had already been patched. Additionally, Facebook refused to notify the affected users, stating that there was nothing that users could do to mitigate the consequences [5].
The Aftermath
While a leak that puts 533 million phone numbers at risk may sound like a big deal, for Facebook, it’s just a drop in the bucket of criticism the company has received regarding user privacy. After all, the Cambridge Analytica scandal forced Zuckerberg to testify before Congress. For Facebook, this is a run-of-the-mill data breach. In fact, in a leaked email detailing the company’s response to the breach, a Facebook employee stated, “We expect more scraping incidents and think it’s important to both frame this as a broad industry issue and normalize the fact that this activity happens regularly” [6].
Unfortunately, it appears Facebook is not planning on making substantive changes regarding user privacy. This isn’t particularly surprising, as Facebook has become a giant because of its willingness to collect user information. However, just because Facebook is slow to change doesn’t mean you have to be a victim. You can protect your data by following simple cybersecurity tips, like not clicking unfamiliar links and double-checking email addresses. If Facebook isn’t going to protect your privacy, it’s up to you to do it yourself.
Protect Your Data with AXEL Go
Another way to protect your privacy is to use secure file-sharing software. Offering industry-leading encryption and decentralized blockchain technology, AXEL Go is the best way to protect yourself or your business from cybercriminals. Featuring a myriad of unique privacy features, AXEL Go is the best way to keep your data safe. If you’re ready to try the best protection, get two free weeks of AXEL Go here.
[1] Greenwald, Glenn, and Ewen MacAskill. “NSA Prism Program Taps in to User Data of Apple, Google and Others.” The Guardian. June 07, 2013. https://www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data.
[2] Meredith, Sam. “Facebook-Cambridge Analytica: A Timeline of the Data Hijacking Scandal.” CNBC. April 10, 2018. https://www.cnbc.com/2018/04/10/facebook-cambridge-analytica-a-timeline-of-the-data-hijacking-scandal.html.
[3] Nuñez, Michael. “FTC Slaps Facebook With $5 Billion Fine, Forces New Privacy Controls.” Forbes. July 24, 2019. https://www.forbes.com/sites/mnunez/2019/07/24/ftcs-unprecedented-slap-fines-facebook-5-billion-forces-new-privacy-controls/.
[4] Holmes, Aaron. “533 Million Facebook Users’ Phone Numbers and Personal Data Have Been Leaked Online.” Business Insider. April 03, 2021. https://www.businessinsider.com/stolen-data-of-533-million-facebook-users-leaked-online-2021-4.
[5] Farmer, Ryan. “Facebook’s April 2021 Data Breach Explained.” StrongVPN Blog. April 30, 2021. https://blog.strongvpn.com/facebook-data-breach-april-2021/.
[6] “Facebook Downplays Data Breach in Internal Email.” BBC News. April 20, 2021. https://www.bbc.com/news/technology-56815478.