Facebook firmly in the dock
In the wake of the latest scandal there can be no excuses about whose fault it was that 50m users had their accounts hacked
This time Facebook can’t blame a third party for last week’s hacking of 50-million accounts, nor its seemingly scandalous use of cellphone details, logged as security backup, for marketing purposes.
When the Cambridge Analytica scandal broke, Facebook tried to paint itself as the victim of an outside party that said it would delete the user details but didn’t. Actually, the personality quiz app that scraped up all that data — from an estimated 87-million users — was just using the extraordinarily lax privacy controls that Facebook itself allowed.
This time there can be no excuses. Facebook spotted last Tuesday that a hack was possible using its “view as” feature, which lets people view their profile as someone else would see it. It said 50-million people were directly affected and logged 90-million users out as a security measure: the other 40-million had used the feature since it was introduced in July 2017.
“Security is an arms race,” Facebook CEO Mark Zuckerberg later said — a race Facebook appears to be losing.
It’s the third major security problem since June, after Facebook unblocked people who had been blocked (for some this could be lifethreatening) and changed their sharing settings without permission.
It doesn’t help that last month Facebook’s chief security officer, Alex Stamos, left, and the company said it would not replace him, but instead have security specialists throughout the company. That doesn’t appear to be working out for the world’s largest social network, with 2.2-billion users.
There has been a lot of bad news for Facebook. Last week, the highprofile departure of Instagram cofounders Kevin Systrom and Mike Krieger (over clashes about the future of the picture-sharing app) caused an $11bn selloff in shares. Instagram, bought for $1bn in 2012, now has more than 1-billion users and is Facebook’s fastest-growing source of revenue. It’s also the net to catch young people who are not using Facebook.
Gizmodo’s Kashmir Hill revealed that Facebook uses cellphone numbers given for security purposes as part of the data it uses for advertising — the “shadow contact information”.
It is also rumoured that Whatsapp will start showing adverts in its Status section, similar to Instagram’s Stories.
The news on Friday coincided with a strange publicity stunt last week by a Taiwanese hacker, Chang Chi-yuan, who claimed he would delete Zuckerberg’s personal Facebook page last Sunday to show a security flaw, but it never happened.
There’s speculation that this was the flaw, but you never can tell.
Facebook also appeared to block people from posting The Guardian newspaper’s and Associated Press reports on the attack. It said later the story was shared so much that it thought it was spam.
Zuckerberg rehashed his apology and testimony to US lawmakers after the Cambridge Analytica scandal: “We need to do better.” But when?
Zuckerberg said, again, that Facebook must improve security. The question is: when?