Facebook’s security and privacy failures have been major news over the past couple of years.
The company’s attitude toward data privacy – prioritizing sharing over protection – has led some analysts to accuse the social giant of killing privacy.
Founder and CEO Mark Zuckerberg and his company have long been criticized for influencing users to take an increasingly lax attitude toward their privacy as a trade-off for convenient sharing. For the past few years, and at an accelerating pace after the Cambridge Analytica data scandal in early 2018, the company has also been the subject of increased scrutiny over its user privacy practices.
Facebook’s user base has stayed largely intact, but users’ tolerance is being tested once again.
Cybersecurity blog Krebs on Security recently reported a massive-scale mishandling of data stretching back to 2012. Hundreds of millions of user passwords have been stored on Facebook servers unencrypted, in plain text, for years, where thousands of Facebook employees could easily have viewed and searched them.
Facebook employees built applications that logged the unprotected password data, exposing between 200 million and 600 million users to potential exploits and abuse. Internal investigations have determined that there have been no incidents of abuse, and users have been informed of the potential compromise of their information. However, the extent of the security compromise at one of the world’s most important tech companies exposes yet another alarming lack of protection affecting massive quantities of sensitive data.
Organizations should take note of the Facebook security incident for two reasons:
- First, it is critical that companies keep their employees aware of privacy matters related to their internet use, and educate them on how to stay protected. They should also consider reviewing their cybersecurity policies and determining whether those policies are actually tripping up employees.
- Second, if a company as large as Facebook is capable of a major security failing, smaller companies are every bit as vulnerable – likely more so. Enterprise privacy programs need to include technical expertise to develop network infrastructure that protects end users from vulnerabilities affecting highly valuable personal information.
Lunarline can help your team engineer enhancements to privacy and security programs and educate your team on essential privacy protections. To learn more about these and other services, contact the Lunarline team today.