- Facebook’s latest security blunder is mind-blowingly serious, and it would not be unjust for the company to have many billions wiped off its value.
- Losing up to 50 million people’s personal information is bad enough, but also risking people’s accounts with sites like Tinder, Airbnb, or Spotify was an outrageous error.
- Like other tech giants, Facebook decided a while ago that having all your social media information wasn’t enough – it wanted to know what you were up to on other sites too.
- It showed last week it can’t be trusted with that information, and users should leave in droves.
Facebook’s latest security blunder is a complete disgrace.
Facebook knows it, which is why the man in charge took a call with reporters on Friday to give the first, patchy explanation of multiple bugs which exposed 50 million people’s information. Apparently, Zuckerberg sounded tired. He should have sounded desperate.
The company waited for the news to filter out before revealing in a second call that, actually, the hack was much worse than anyone thought. It’s possible that the breach also affected services where a person uses their Facebook identity to log in, such as Tinder, Spotify, and Airbnb. At this point, no one knows precisely how much data hackers took off with, although it’s clear they would have had full access to victims’ profiles.
The company’s attitude is roughly equivalent to writing the shrug emoji and the caption “sux 2 b u.” In a call with reporters, Facebook didn’t willingly volunteer that its security breach might actually be much bigger than anyone thought – it took a question from Slate journalist Will Oremus to tease that out.
Here’s the relevant part of the transcript, highlighted:
There’s lots about the attack we don’t know at this point, but one thing is clear: It would not be unjust for Facebook to have many billions wiped off its value. The potential scale of this hack is more serious than Cambridge Analytica.
Even if the hackers miraculously stole very little, the fact it ever happened at all to a company entrusted with two billion people’s information is astonishing. And it is all down to the company’s early, hacky approach to growth and its apparently boundless greed.
This breach was entirely down to a flaw in Facebook’s own code
Facebook explained that the hack was down to multiple bugs in its own code, relating to a video upload tool, and Facebook’s pro-privacy “View As” feature.
As Facebook explained it, the video uploader would appear erroneously whenever users were making use of the “View As” tool. The tool lets you see your own Facebook profile from the perspective of another user. The uploader would then generate the access token for whoever’s profile users were looking up. Simply put, this potentially gave hackers access to millions of Facebook profiles.
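The class of bug described above, reduced to a minimal Python model. This is an added example, not Facebook’s code: the names `RenderContext`, `mint_token`, `uploader_token_flawed` and `uploader_token_fixed` are hypothetical, and the HMAC token format and signing key are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

SIGNING_KEY = b"constructed-demo-key"  # constructed value, for this example only


@dataclass(frozen=True)
class RenderContext:
    session_user: str  # the authenticated person making the request
    render_as: str     # whose perspective the page is drawn from ("View As")

    @property
    def impersonating(self) -> bool:
        return self.session_user != self.render_as


def mint_token(user_id: str) -> str:
    """Issue a signed bearer token naming user_id as its owner."""
    sig = hmac.new(SIGNING_KEY, user_id.encode(), hashlib.sha256).hexdigest()
    return f"{user_id}.{sig}"


def token_owner(token: str) -> Optional[str]:
    """Return the user a token authenticates as, or None if the signature is bad."""
    user_id, _, sig = token.rpartition(".")
    expected = hmac.new(SIGNING_KEY, user_id.encode(), hashlib.sha256).hexdigest()
    return user_id if hmac.compare_digest(sig, expected) else None


def uploader_token_flawed(ctx: RenderContext) -> str:
    # Flaw: the widget treats the rendering perspective as the caller's identity,
    # so the token it hands back belongs to the person being viewed as.
    return mint_token(ctx.render_as)


def uploader_token_fixed(ctx: RenderContext) -> str:
    # A read-only preview has no reason to issue credentials at all.
    if ctx.impersonating:
        raise PermissionError("no credentials are issued while impersonating")
    # Tokens are bound to the authenticated session, never to the view subject.
    return mint_token(ctx.session_user)
```

The fixed path applies two independent controls: credential-issuing components refuse to run inside an impersonated view, and token issuance reads identity only from the authenticated session.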
It may have been tough for Facebook to anticipate how the code for different, apparently unrelated parts of its service might interact. But if you’re going to pitch for the world’s private, valuable details, like their date of birth, their gender, and their phone numbers, then anticipate it you must.
Especially if you’re going to spread your tentacles far beyond your own contained social network.
Facebook was too eager to own people’s identities across the web, and now it should pay the price
Around 2010, there was a battle for our collective online identity. Everyone knows that trying to remember account names and passwords for every site you use online is unfeasible. So the solution was either to use a password manager, or to log in through a trusted site like Google or Facebook instead.
As an example, here’s a screenshot of Spotify’s sign-up page. It shows just how easy it is to log in with Facebook rather than fill out a long tedious form:
The tactic worked. According to Quartz, citing statistics from identity firm Janrain, Facebook became the most popular sign-in choice by a long shot.
The deal for the user was that they didn’t have to remember countless logins. The deal for a service like Spotify was that users had a frictionless sign-up, meaning faster growth. And, as ever, the deal for Facebook was more data – specifically knowing what their users were up to on websites that weren’t Facebook.
Was it really worth giving Facebook all that data, in exchange for an easier sign-up process? Especially since Facebook so clearly can’t be trusted to manage that information? Friday’s news suggests not.
Security experts and journalists have been warning for years that giving internet giants this much access to our online lives is risky. This is how comedian Baratunde Thurston put it in Forbes. He was writing about Twitter, but the same could apply to any big tech firm:
“Now I need Twitter to log in to the Washington Post’s comments section, where I express my anger about the latest plot twist on Fox’s Empire. If I never used Twitter again, I’d still be a Twitter user, because the company is like the school janitor with a fat ring of jangling keys to various doors in my online life.”
Users should be outraged that Facebook, after lobbying so hard for those jangling keys, massively profited from their information while making a paltry effort to protect it. The company doesn’t deserve billions of users’ trust, and the only way to effect change is to leave in droves.