Facebook’s woes continue

Facebook faces another security breach. Although the issue is internal, the issue is liable to damage Facebook’s already tarnished public reputation.

Background

Facebook, a social media and social networking site, was launched by Mark Zuckerberg in 2004 along with some of his Harvard roommates. The site was an instant success, growing exponentially across the world. As of December 2018, Facebook has over 2.32 billion active monthly subscribers, with 1.15 billion active daily mobile users of the service.

In May 2017, it emerged that Facebook was a key influencer in the outcome of the 2016 US Presidential election and the Brexit vote, according to those who ran the campaigns. Analysts believe that digital campaigns employing the social network were decisive in both wins. In past years, social media, in general, has come under scrutiny for its advertising campaigns, the presence of terrorist propaganda, the use of bots, and the proliferation of ‘fake-news’ ahead of elections. 

Since the start of 2018, Facebook has committed to making significant changes to its platform. In a post on his page on the social network, creator and CEO Mark Zuckerberg said the website was making too many errors enforcing policies and preventing misuse of its tools. Zuckerberg has famously set himself challenges every year since 2009. In 2019, the Facebook creator said his “personal challenge” is to fix important issues with the platform to prevent misuse of the website.

Analysis

A recent report by cybersecurity blog KrebsOnSecurity found that “hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees.” KrebsOnSecurity reports that the breach was a result of applications developed by Facebook employees that internally logged unencrypted passwords of users as early as 2012.

On March 21, 2019, Facebook said that it had resolved the glitch that had exposed the passwords of millions of its users. The company said, “These passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them.” They also added that the flaw had been detected in January during a routine security review of their ecosystem.

A source at Facebook indicated that the investigation has revealed a security lapse in 200-600 million Facebook users in locations searchable by over 20,000 of Facebook’s employees. The source also said that Facebook is still ascertaining how many user passwords were exposed and how long ago the breach began.

The majority of those affected are users of Facebook Lite, an application aimed at people in regions with unreliable levels of connectivity or with low-spec devices. The company said, “We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users.” The breach comes during enhanced scrutiny on Facebook’s actions during recent election cycles largely pertaining to the proliferation of misinformation. However, there has been significant focus on privacy centred around the misuse of Facebook’s tools.

It is significant that despite the discovery of the issue in January of 2019, it took months before the glitch was fixed. The fact that the fix comes days after the security flaw was first reported, highlights the damage control mode that Facebook is currently operating under. In addition, the flaw was exposed by a blog focused on cybersecurity months after Facebook’s founder pledged a change in the operations of the social media platform. Earlier in March, Facebook was under the magnifying glass from security and privacy experts for using phone numbers in aid of other endeavours such as marketing and advertising. Some American presidential hopefuls such as Elizabeth Warren have floated a plan to break up the social media behemoth on anti-trust grounds, further muddying the outlook on Facebook’s future.

Assessment

Our assessment is that Facebook is likely to come under increasing scrutiny over privacy, security and misinformation. We believe that while Facebook seeks to make structural changes to its architecture, it may be difficult to accomplish their goals given the inherent flaws that exist in its business model. We believe that unless tech giants are able to make concerted progress in the spheres of privacy, security and information, they are likely to come under increased pressure over anti-trust concerns.