Chronicling Facebook's security and privacy breaches in 2019
- Facebook dominates a large part of the social media world with Facebook, Whatsapp, and Instagram under its hood.
- However, this year wasn’t a very good one for the company with multiple breaches being reported.
Let’s look at the times the social media giant was in the news this year for failing to secure itself from breaches.
Facebook found storing user credentials in plaintext - March 2019
Millions of passwords, primarily belonging to Facebook Lite users, were stored in plain text by the social media company. Some of the passwords also belonged to Instagram users. Although the passwords were not visible to anyone outside Facebook and were not internally misused, the company planned to contact the impacted users and enhance security measures.
Misconfigured third-party servers leak user records - April 2019
Around 540 million Facebook user records were exposed by two misconfigured Amazon cloud servers. Both these servers belonged to third-party companies, ‘Cultura Colectiva’ and ‘At the Pool’ Facebook game. One of the leaky servers was said to contain more than 22,000 user passwords in plain text.
Buffer overflow bug in Whatsapp - May 2019
Facebook-owned Whatsapp was also in the news this year, for a privacy breach. A major security flaw was reportedly exploited by a private company for cyber espionage. This flaw was a buffer overflow vulnerability that allowed attackers to potentially install spyware on the targeted devices. Whatsapp released patches for this vulnerability.
Unprotected server exposes Instagram influencer records - May 2019
An unprotected AWS bucket exposed more than 49 million records belonging to Instagram influencers. The exposed information included names, profile pictures, and the number of followers. In some cases, private contact information was also leaked. The database belonged to a social media marketing firm Chtrbox. The firm secured the database soon after learning about the leak.
Unsecured server leaks Facebook user information - September 2019
An unsecured server that was publicly accessible exposed 419 million records of Facebook users. Names, genders, countries, unique Facebook IDs, and associated phone numbers were said to be among the exposed information. A Facebook spokesperson said that the data was old and was probably obtained before Facebook disabled the option of finding people using phone numbers on the platform.
App developers accessing Facebook groups' member information - November 2019
The latest breach involved around 100 app developers being able to access the information of Facebook users in certain groups. Facebook, in a blog post, said that at least 11 partners accessed the information in the last 60 days. Although the company found no evidence of access abuse, it promised to ask partners to delete any retained data and revealed plans of conducting an audit to ensure data deletion.
Facebook-owned social media apps are extremely popular. Considering the amount of user data the company handles, the impact of a misconfiguration or hack could be massive. As users, we must take precautions including exercising caution when granting app permissions, using strong passwords, and updating to the latest app versions to ensure a basic level of defense against cyberthreats.