2018 is coming to an end, and it was a turbulent time for Facebook, the world’s largest social media company. Hit with scandal after scandal, the list of Facebook revelations showed just how valuable a user’s data was, and that it could all be manipulated, perhaps even used to win elections. This was also the year Google finally pulled the plug on its oft-forgotten social network, Google Plus. The reason though was the security disaster than Google Plus had turned out to be. We take a look at all the scandals that rocked the world of social media in 2018.
March 2018: Facebook’s troubles begin
The scandal that started it all began in March 2018, when New York Times and The Guardian published reports of how Facebook data of 50 million users was illegally harvested by a British firm called Cambridge Analytica.
The firm had allegedly got the data from a UK researcher’s personality quiz app and then manipulated it to target users with misleading political ads. A giant campaign of misinformation was used by this firm to swing election results, and that it possibly helped Donald Trump become US President.
The outcome of this scandal was that Facebook CEO Mark Zuckerberg eventually had to appear in front of committees of both the US Senate and House of Representatives and answer questions related to this issue.
Facebook on its part had denied any data breach, though it was forced to re-examine how third-parties were using the information they collected. Cambridge Analytica though was the start of Facebook’s 2018 problems.
April 2018: Facebook data of all users scraped
In April, Facebook revealed that the data of nearly all of its 2 billion users was likely scraped, possibly by malicious actors. This was done thanks to a search feature for account recovery, which used the email and phone number from the profile. Facebook said it would be disabling this feature. Facebook also admitted that Cambridge Analytica harvested close to 87 million profiles, and not the original 50 million.
May 2018: Twitter password fiasco
Twitter had to advise all of its 330 million user base to change their passwords after it managed to expose everyone’s password in a glaring security lapse. Apparently, the glitch caused passwords to be stored in plain text, which is not what one expects from a big technology firm. It was also alleged that password problem had existed for “several months.” Twitter insisted that there was no indication that passwords were stolen or misused by insiders.
June 2018: Facebook’s deals with smartphone companies
In June, another The New York Times investigation revealed that Facebook had special “data sharing partnerships” with over 60 smartphone makers, which were in place for years. Some of these were with Chinese firms like Lenovo and Huawei, which were all under the scanner in the US. Apple was also on the list, though CEO Tim Cook said they got zero data from Facebook.
The investigation showed that in some cases the device makers could pull information on users and their friends’ relationship statuses, political leanings, locations, etc, even if explicit consent was not given. The company on its part denied any wrong-doing and claimed all such partnerships were tightly controlled.
July: Facebook Quiz app 120 million
Facebook managed to leak the data of 120 million users thanks to a quiz service site Nametests.com. This happened even after Facebook’s own audit showed that the service had been deleted. NameTests was responsible for popular Facebook quizzes, such as “What Would You Look Like As a Drawing?”, and “What Will You Leave behind You in 2018?”
August: Facebook-owned Onavo app pulled from App Store
Facebook’s Onavo Protect app, a VPN-based data collection app, was pulled from the Apple App Store. The app was violating data collection guidelines. It was reported that the app helped Facebook figure out its video strategy and track potential competing apps in the social media space.
September: Facebook resets 90 million accounts
Facebook saw a massive security breach and had to reset 90 million accounts. Around 50 million users accounts were compromised as a security vulnerability allowed hackers to log into their accounts. As a precaution, Facebook reset a total of 90 million accounts.
Hackers got access to the 50 million accounts by exploiting bugs in Facebook’s code and stole “access tokens,” or digital keys to gain access. The vulnerability was introduced more than a year back in July 2017, when Facebook created a new video upload functionality.
The worst part: Facebook CEO Mark Zuckerberg’s own account was compromised. He also admitted that attackers could probably read someone’s private messages.
October: Google Plus woes
Google announced its own set of problems with the forgotten, but still alive Google Plus social network. Google Plus had a major security flaw, which had been spotted back in March 2018, and apparently compromised 500,000 accounts.
The Google Plus account was basically linked to everyone, who had a Gmail account and it was serious problem. Google, however, insisted it had not found any case of abuse or potential abuse by any developer thanks to the bug in its application programming interface (API), which gave access to private data to these third-party app developers. But things would get worse for Google Plus further down the year.
November: Facebook, Facebook and more Facebook
First, came the news that Facebook data of 120 million users was stolen, this included private chats. Apparently, this data was up for sale and the breach actually took place in September 2018. Facebook insisted that its security was not compromised and the data was sent out to hackers likely by malicious browser extensions.
Then came the New York Times investigation on how Facebook probably knew about the Russia interference in US elections in early spring of 2016, and had evidence for more than a year before executives shared this with the public. It also showed that Facebook feared backlash from Trump supporters and how the company launched a strong lobbying campaign to shift anger towards rival tech firms and critics of the company like billionaire George Soros, and rivals like Google.
The reports also showcased how Facebook’s COO Sheryl Sandberg personally wanted information on George Soros, after he had criticised both Facebook and Google. The company also deployed a public relations firm called Definers to push negative stories about critics. Facebook denied the charges made by the NYT report, and later said it has fired Definers. Read more here.
December: Facebook, Quora and Google Plus
Google announced that it would shut down the Google Plus network in April 2019, instead of August 2019. This was because Google discovered a second bug, which breached the data of 52.5 million users.
Popular question and answer website Quora also faced a data breach and asked everyone to reset their passwords. It claimed that over 100 million users were negatively impacted by this breach. Account information like name, email address, encrypted passwords and other information of users was compromised
Facebook still continued the run of ensuring a crisis a month. NYT revealed that Facebook had data deals with some companies giving them access to users’ personal data. In some cases firms like Netflix and Spotify could even read a Facebook users’ private messages, while Microsoft’s Bing search engine could the names of all of a Facebook user’s friends without consent. Facebook said that none of these partnerships violated user privacy.
This report came after a number of Facebook emails were made public by a UK parliamentary committee, which showed just how the company worked to crush competition, and knew the value of its user data, which it used to grow its business further. The emails exposed how Facebook had whitelisted certain apps to give them more access to user data, and that those who spent more on advertising on the platform were given better preference.
Facebook also had an issue where a bug impacted up to 6.8 million users and exposed user photos to third-party app developers. The bug affected people who used Facebook Login for third-party apps and granted them permission to access their photos.