When it comes to security issues with social media platforms, Facebook has always been on top of the list. In early 2018, Facebook–Cambridge Analytica data scandal was a major political scandal. According to reports, Cambridge Analytica was harvesting personal data of millions of Facebook users and using it for political advertising. Ever since then, the social media giant has been under severe scrutiny for its security relapses.
On 5 September 2018, Facebook disclosed that it had a serious security issue that impacted almost 50 million user accounts. As a necessary measure, the social media giant automatically logged out 90 million Facebook users from their accounts — 50 million of them were affected and the rest 40 million could be the potential victims.
Even though Facebook has always taken the necessary step to deal with any kind of security flaw, the company doesn’t seem to plan to make an exit from the security and privacy controversies. Early this year, the social media platform has confirmed that it stored passwords of millions of Instagram users in plain text, leaving them exposed to people with access to certain internal systems. Being such a big company that has been impacting this internet-driven world for years, this security lapse by Facebook was nothing less than a shock.
To top all the previous events of Facebook negligence towards users privacy and information security, recently the company has received a bad rep for its (lack of) security. Facebook has gone through a data leak that has exposed the phone numbers of users linked to Facebook accounts have been found online. Over 419 million users, more than the population of Uttar Pradesh (India’s most populated state), were impacted by this leak.
According to a report, the main reason behind this entire data leak was a server which was left unprotected by any password. And as a result, the server that contained more than 400 million phone numbers of users was open to access. And among all the breached data, 133 million records are of US-based Facebook users, 18 million from the UK, and over 50 million were from Vietnam. Moreover, the security-less server contained not only phone numbers of users but also Facebook ID (which is unique to every member), user’s name, gender and location by country.
Even after so many events of Facebook’s security being compromised, the company till date has not passed a single year without any news coming out. This time when the Facebook was asked about this event, the company’s statement didn’t seem to be serious enough and seems to be in denial — “The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised. The underlying issue was addressed as part of a Newsroom post on 4 April 2018 by Facebook’s Chief Technology Officer.”
It’s been just a few days that the data leak has happened, and having data of more than 400 million floating on the internet, open to anyone, the chance of accounts getting hacked could be possible.
According to another source, the social media statement has made another statement that among all the 419 million phone numbers that have been leaked, about 200 million are duplicate. And it has made people raise several questions on the platform’s seriousness towards users’ privacy.
If you look at the entire event through the perspective of a user, it doesn’t matter how many phone numbers were leaked. For an end-user, it will always be that their favourite social media portal failed them.
Furthermore, we are living in an era where technology is doing things that were just concepts — AI is doing the job of a waiter, technology is having debates with humans, technology is defeating humans in board games. And in this era, a server that is left unprotected (even without a password) is completely unacceptable — that too from a company that has been ruling the social media since ages.
In this technology-driven era, even the small information about an individual could make a huge difference. Someone simply didn’t say that data is the new oil; the value of data with time is increasing at a rapid pace. The companies that are serious about data and its security will definitely sustain and the ones that are still in denial would have to face some serious consequences.
These kinds of incidents have shed a harsh light on how data gets forgotten and mistakes happen. And now, it is high time that companies that deal with users’ data reconsidered their cybersecurity game as even phone numbers could cause some serious damage with attacks like sim hijacking — ask Jack Dorsey, he knows the pain when your social media gets hacked.