How Facebook Ignored Security Warnings for 3 Years

As the news broke of Facebook’s Cambridge Analytica data scandal, the average social media user would be forgiven for thinking that this disaster had come seemingly out of nowhere.

Sure, there were jokes about how Facebook owned all of your data and was selling it off to the highest bidder in the infinite online void. But these were taken in a similar manner to wisecracks about Zuckerberg’s socially awkward – some have said robotic – Congress performance.

In general, most people seemed to feel that their data was in reasonably safe hands, or at least they did, so far as we can gather from the site’s ever-expanding success. But there were warnings, and not from some eccentric doomsayers that most intelligent people would be forgiven for ignoring.

There were warnings from industry experts dating as far back as 2013. I personally spoke about the issue in 2015, which I blogged about here. I raised my concerns over a loophole allowing hackers to gather personal data from Facebook.

In the blog, I explain how, by using one of Facebook’s APIs in bulk, hackers would be able to decrypt and collect Facebook user IDs. This meant that potentially millions of users’ personal data could be gathered, including details such as telephone numbers, names, locations and more.

I advised that the communication with APIs be pre-encrypted or have other security measures taken to prevent an enormous phishing problem should the loophole be discovered by the wrong person.

Facebook, however, did not want to listen.

They responded stating that, despite all the evidence to the contrary, they did not consider it a security issue.

At the time, I said: “When I reported the issue to Facebook, they never correctly responded to my request. I believe the government should have done something then and hence why I was so adamant.”

A similar story was echoed two years earlier by Brandon Copley, CEO of Giftnix, who warned the company of the ease with which personal data could be gathered en masse. For his troubles, he received a threat of legal action for demonstrating how it can be done.

It wasn’t until years later that Facebook made any attempt to deal with the issue.

I kept my eye open to see when the mass collection issue was fixed, and it was towards mid-2017 when I saw Facebook making changes.

However, for many, this is simply a case of too little, too late. The damage has already been done, with the company believing that as many as 87 million users, including Zuckerberg himself, could have had their data shared with Cambridge Analytica.

Although it’s a good start that Facebook is looking at tightening their API approval process, I believe that it is too late, and the majority of the mass collection has been done, given that Facebook’s growth has slowed down.

What I do believe is that Facebook has seriously failed to comment on what happens to the old apps that already have access to the APIs and collect away. Is there a process of re-reviewing these?

People are now conscious about their data and won’t be giving away more data when they recognise it; previously they were not. So, it is most likely that they have already given their data away and it will continue to be used without their knowledge.

This scandal has seen the seemingly unstoppable social media juggernaut’s growth affected and, for the first time since it became a household name, its future is in real jeopardy.

While Facebook still looks to be a considerable force in the future of the online world, its foundations have been shaken. Now, the path it takes is almost certainly going to be deeply affected by these events, especially when you consider that this is a scandal that could have been easily avoided.

