While calls by some key players in Silicon Valley for restrictions to be imposed on facebook.com, or for its summary shutdown, are still fresh over the reckless and extremely unethical way Facebook treats users' privacy, Facebook is in the news again over another brazen infringement of users' privacy. It is so bad this time that British MPs have accused Facebook of knowingly and willingly violating data privacy laws.
Facebook's operations have recently been put under the "microscope" and most of its activities sifted through with a "fine-tooth comb" because of the way Facebook has been seen to use user data without users' knowledge, breaking all the rules of engagement in the social media business. This repeated infringement of data privacy laws is especially worrisome considering that Facebook and its associated products, such as Instagram and WhatsApp, have an estimated 2.7 billion users worldwide.
In recent times, security websites have released very damning reports about various activities that were considered infringements of user data privacy laws. Some of these reports forced the social media giant to admit that its servers stored millions of passwords in plain text. In other words, millions of user passwords were stored in such a way that they were readable by its employees. According to Facebook's admission, this has been the norm for many years. This practice of storing such sensitive user information in plain text on its internal servers is a clear violation of basic computer security practices.
On Thursday, Facebook's vice president of engineering, security and privacy, Pedro Canahuati, admitted that the blunder was only uncovered in January during a routine security review. He said, however, that although the passwords were saved in unencrypted form, the data was accessible only to Facebook staff and there have been no reports of compromise.
“To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them.”
To this end, Facebook will be notifying hundreds of millions of Facebook Lite users, tens of millions of Facebook users and tens of thousands of Instagram users that their passwords may have been vulnerable to prying eyes.
“We have fixed these issues and as a precaution we will be notifying everyone whose passwords we have found were stored in this way,” Canahuati said.
According to Brian Krebs of the security news website KrebsOnSecurity.com, an unnamed source at Facebook said that the internal investigation had so far indicated that as many as 600 million account passwords of users of these social networks were stored in plain text files, and that these files were searchable by more than 20,000 employees. According to the source, this breach of data security law dates back to 2012.
In related news, it was also reported that Facebook gave Netflix and Spotify access to users' messages. This access gives the companies enough information about users to serve them user-specific advertisements based on the content of their messages.
“There is no valid reason why anyone in an organisation, especially the size of Facebook, needs to have access to users’ passwords in plain text.”