Another day, another Facebook privacy disaster. The world’s most prolific social media platform today announced two different security issues. Interestingly enough, they made the announcement the same day as some other big news dropped.
I don’t think it is a stretch to believe this timing was unintentional.
In its latest privacy-shattering revelation, Facebook says it “unintentionally” uploaded the email contact lists of 1.5 million new users without permission. Following an investigation that stemmed from Facebook’s earlier admission that it was requesting email passwords from certain new users in order to verify their identities, Business Insider found that the site was then importing the user’s email contact list without asking permission to do so.
So we’re clear, this type of thing “doesn’t just happen.” When this contact upload/connection/verification feature was designed and created, there was an intentional decision to save those contacts and email addresses somewhere. Computers don’t just decide where to save 1.5 million contacts (email addresses, names, etc.). A program was created that explicitly controlled how and where that data was saved. If you have ever used mail merge, you know that data doesn’t “just happen” to go to the right places.
Facebook now admits that this was happening, by mistake, and that it collected the contact lists of 1.5 million users. “These contacts were not shared with anyone and we’re deleting them,” Facebook said in a statement. The company is also notifying all affected users.
Facebook also quietly admitted Thursday that “millions” of Instagram users’ passwords were being stored internally in plaintext.
Sidenote: Do yourself a favor and use a password management tool.
In an update to an earlier blog post about the March scandal involving an internal server where millions of plaintext Facebook passwords were being stored, Facebook says, “We now estimate that this issue impacted millions of Instagram users,” and as it did with the previous batch of Facebook users, the company will inform everyone affected.
“Our investigation has determined that these stored passwords were not internally abused or improperly accessed,” the company says.
Why Does This Matter?
Aside from the personal privacy matters at hand – i.e., you as a person have zero privacy when you are publishing your life online – from a business perspective, how are you protecting your customers’ privacy? Do your tools and programs safeguard important data?
I have no doubt that these unacceptable practices – and utter lack of apology and remorse – by large brands like Google and Facebook will trigger more government oversight and regulations. Companies whose business model is based on collecting, analyzing, listening to, and – in some cases – selling massive amounts of data will be the first to be regulated. The bleedover will affect every business owner who collects any amount of information from their customers.
As a business owner, the likelihood of you having access to customer data is high. What safeguards do you have in place to keep that information private?
How do data breaches like what Facebook/Instagram/Amazon/Google are experiencing breed distrust in consumers? What are you doing to address this for your own brand?