On February 7th, 2013, Facebook made the news after more than 16,000 passwords of its users in Israel were stolen. However, this is not the first time that users have suffered the consequences of this social network's weak security and data protection system. From its early stages until the present, episodes of infringement of web surfers' privacy have occurred. Let's look at them below.
In May 2010, Facebook suffered a security breach that allowed users to see, in real time, their friends' private conversations with other people and to access their friend requests. The breach was discovered by chance by a user, and Facebook blocked the chat system until the problem was solved.
During the summer of 2010, Facebook was sued by Germany for collecting information on people who did not have an account on this social network and had never authorized access to their personal data. But it was in November of that year that some serious facts came to light, when Facebook admitted having sold personal data of its users to companies and advertising agencies, providing them with the number that identifies every user of the network (UID). In an attempt to take action on this issue, the social network suspended the programming companies that had received money for supplying that information, although it did not reveal the names of the companies. Meanwhile, the Spanish Agency for Data Protection investigated whether this data sale had affected Spanish users.
In 2011, a programming error in Facebook allowed advertisers to access users' private data. According to an important security agency, approximately 100,000 applications of the social network would have leaked security passwords, giving advertisers access to users' profiles and messages. Facebook confirmed the problem but denied that it had had an impact on users. Nevertheless, the security agency recommended that users change their passwords in order to prevent the applications from continuing to send their personal data.
This happened in May 2011, and for more than a year Facebook seemed to have solved its deficiencies regarding the protection of its users' personal data. But nothing could be further from the truth: in August 2012, the German Agency for Data Protection sued the social network over its new facial recognition system, which Germany considers illegal. Facebook was accused of creating a database of users' faces without informing or consulting the people concerned. Although the authorities required it to delete all the information except that of users who had expressly given their consent, Facebook refused to look for solutions. The litigation remains open today.
As for Spain, in September 2012 the consumers' association FACUA sued Facebook over a security hole that was considered scandalous. It was asserted that the social network had exposed users' private messages from the years 2007, 2008 and 2009, which appeared on their own walls. Facebook declared that the problem resulted from a mistake by the users: the apparently private messages were old posts that had always been public on the walls of users, who got confused when the new design of the Facebook profile, the so-called Timeline, was launched.
Thereafter, during the month of October, Facebook tried to silence the blogger Bogomil Shopov in order to prevent a possible scandal over the mass sale of users' personal data from being revealed. Shopov maintained that he had bought the names and personal data of more than 1 million users from the company Gigbucks, underlining that he had bought them legally and for the price of just 5 dollars. That company would have obtained the information through certain Facebook applications that collect and store users' data. Facebook required the blogger to remove from his blog the procedure for carrying out this operation, but he refused to do so, which led Facebook to improve its data protection policy.
Despite this, in October 2012 another Facebook failure left users' telephone numbers unprotected. In this case, a researcher named Suriya Prakash obtained the phone numbers of thousands of users who access the social network through their cell phones, revealing an important security failure that Facebook confirmed and solved, but only partially.
Again, a month later, another Facebook failure was discovered, which made it possible to see the private content of some groups. The social network confirmed the error and blocked recently re-added members from entering the private groups until the incident was solved.
In January 2013, the security company ESET published a statistical report on social networks which shows that hackers focus more on Facebook, since it seems rather easy for computer experts to impersonate another user or company and carry out phishing attacks for the leakage and theft of personal data.
This whole sequence of security incidents has logically resulted in several user complaints against Facebook. Likewise, this social network has been repeatedly sued by countries such as Austria, the U.S.A., Spain and Germany.
In the U.S.A., an attorney from California sued the social network for violating his privacy, after he found that Facebook was using users' names to sponsor products on the social network. In the end, no judgment was issued against Facebook because, after admitting part of the problem, it reached a financial settlement with the affected users. This seems to be Facebook's most common strategy: being cooperative when it is sued and offering a partial solution by means of financial settlements. Unfortunately, it is unlikely that its security problems will be resolved this way.
Written by Rocio Sirvent
Image: under creative commons license BY