days since last facebook scandal

(01/10/2019) In two hours of leaked audio, Mark Zuckerberg rallies Facebook employees against critics, competitors, and the US government.

Highlights from two hours of leaked audio from recent Q&A sessions with Facebook’s CEO.

[...] The Verge obtained two hours of audio from the meetings, which include extended question-and-answer sessions between Zuckerberg and his employees. In language that is often more candid than he typically uses in his public comments, Zuckerberg seeks to rally the company against Facebook’s competitors, critics, and the US government.

Sources

• The Verge: Read the full transcript of Mark Zuckerberg’s leaked internal Facebook meetings (01/10/2019)
• Le Monde: Facebook : une discussion interne entre Mark Zuckerberg et ses employés fuite dans la presse (01/10/2019)

(04/09/2019) A huge database of Facebook users’ phone numbers found online

Hundreds of millions of phone numbers linked to Facebook accounts have been found online. The exposed server contained more than 419 million records over several databases on users across geographies,

[...]

But because the server wasn’t protected with a password, anyone could find and access the database. Each record contained a user’s unique Facebook ID and the phone number listed on the account.

Sources

• Techcrunch: A huge database of Facebook users' phone numbers found online/ (04/09/2019)

(07/08/2019) Instagram leaks data, including location, to ad partner

Hyp3r used four key tools to scrape data from Instagram users. First, it utilized an Instagram security hole that allowed it to “zero in on specific locations” and collect all the posts made from those locations. Second, Hyp3r “systematically saved users’ public Instagram stories,” again utilizing that location data. Third, it “scraped public user profiles on a broad basis, collecting information like user bios and followers, which it then combined with the other location information.” Lastly, Hyp3r used image recognition software on user posts to analyze that the images included. The result was a database detailing a plethora of information about Instagram users.

Sources

• 9to5mac.com: Instagram bans ad partner for secretly tracking user locations, saving Stories, more (07/08/2019)
• Forbes: Instagram Partner Has Been Secretly Tracking Locations Of Millions Of Users: Report (07/08/2019)
• Business Insider: Instagram’s lax privacy practices let a trusted partner track millions of users' physical locations, secretly save their Stories, and openly flout its rules (07/08/2019)

(21/05/2019) Facebook caught lying to the Dutch Parliament

On May 15 2019, Facebook’s Head of Public Policy for the Netherlands spoke at a round table in the House of Representatives and stated: “You can now only advertise political messages in a country, if you’re a resident of that country.”

Dutch Digital Rights NGO Bits of Freedom quickly proved that this was completely wrong. It was no problem at all to boost a political posting to a German target group from a Dutch Facebook account and pay for it from a Dutch bank account, and vice versa.

Sources

• Bits of Freedom: Facebook lies to Dutch Parliament about election manipulation (21/05/2019)
• Niewsuur: Bits of Freedom: 'Facebook gaat de fout in met politieke advertenties' (21/05/2019)
• Bits of Freedom: Kamerleden boos na Facebook-onthulling Bits of Freedom (21/05/2019)
• German coverage: Digitalcourage: Facebook widerlegt: Wahlmanipulation aus dem Ausland ist möglich (22/05/2019)
• Boing Boing: Facebook's Dutch Head of Policy lied to the Dutch parliament about election interference (21/05/2019)
• European Digital Rights: Facebook lies to Dutch Parliament about election manipulation (22/05/2019)
• Radio Gütersloh: Wahlmanipulation im Internet möglich (22/05/2019)
• Neue Westfälische: Facebook sperrt Fake-Seiten mit AfD-Werbung vor Europawahl (22/05/2019)

(13/05/2019) WhatsApp vulnerability allows to install spyware

A vulnerability found in Facebook's owned messaging service WhatsApp, allowed a spyware to be installed allegedly linked to the NSO group.

Note: the funny part here is that nothing in the release notes of the update mentionned the vulnerability when the dev team was aware of it.

Sources

• Techcrunch: WhatsApp exploit let attackers install government-grade spyware on phones (13/05/2019)
• The Guardian: WhatsApp urges users to update app after discovering spyware vulnerability (13/05/2019)
• ArsTechnica: WhatsApp vulnerability exploited to infect phones with Israeli spyware (14/05/2019)
• EFF: What You Need to Know About the Latest WhatsApp Vulnerability (16/05/2019)

(25/04/2019) Facebook is looking down the barrel of a $2.2 billion fine for storing millions of passwords insecurely

Facebook is facing a multi-billion dollar fine for accidentally storing millions of people's passwords in plain text.

Ireland's Data Protection Commission (DPC), which is the default privacy regulator for Facebook in Europe, said on Thursday it had launched a "statutory inquiry" into the social network after it admitted to the error.

Sources

• Business Insider: Facebook is looking down the barrel of a $2.2 billion fine for storing millions of passwords insecurely (25/04/2019)

(18/04/2019) Facebook waited until the Mueller report dropped to tell us millions of Instagram passwords were exposed

Given the terrible run of form it’s been on over the last year, it probably shouldn’t be that surprising that Facebook waited until the highly anticipated report on Russian interference in the 2016 US presidential election to deliver some bad news.

Sources

• QZ: Facebook waited until the Mueller report dropped to tell us millions of Instagram passwords were exposed (18/04/2019)

(18/04/2019) "Ooops, I accidentally shared your contact list"

Facebook says it 'unintentionally uploaded' 1.5 million people's email contacts without their consent

Sources

• Business Insider: Facebook harvested the email contacts of 1.5 million users without their knowledge or consent when they opened their accounts (18/04/2019)

(11/04/2019) Mark Zuckerberg leveraged Facebook user data to fight rivals and help friends, leaked documents show

Facebook’s leaders seriously discussed selling access to user data — and privacy was an afterthought.

Sources

• NBCNews: Mark Zuckerberg leveraged Facebook user data to fight rivals and help friends, leaked documents show (11/04/2019)

(3/04/2019) Hundreds of millions of Facebook records exposed on public servers – report

Material discovered on Amazon cloud servers in latest example of Facebook letting third parties extract user data

Sources

• The Guardian: Hundreds of millions of Facebook records exposed on public servers – report (3/04/2019)

(7/03/2019) Facebook Messenger bug revealed who you had conversations with

Imperva, a cybersecurity company, on Thursday detailed a flaw with Facebook Messenger that allowed potential attackers to learn who you were talking with on the chatting service.

The security bug didn't show the content of the messages, but just knowing who you were in touch with has the potential to harm your privacy, said Ron Masas, the security researcher who discovered the vulnerability.

Sources

• CNET: Facebook Messenger bug revealed who you had conversations with(7/03/2019)

(24/01/2019) Facebook pays teens to install VPN that spies on them

Desperate for data on its competitors, Facebook has been secretly paying people to install a “Facebook Research” VPN that lets the company suck in all of a user’s phone and web activity, similar to Facebook’s Onavo Protect app that Apple banned in June and that was removed in August.

Sources:

• TechCrunch: Facebook pays teens to install VPN that spies on them (29/01/2019)
• TechCrunch: Apple bans Facebook’s Research app that paid users for data

(18/12/2018) Facebook allowed Netflix, Microsoft, Spotify and Amazon access to private messages and personal information of users

The 18 December 2018, the New York Times reveals that Facebook had given extended access to user data, on a much wider scope that it has previously disclosed.

Sources:

• The New York Times: Facebook gives access to private messages to 3rd party partners (18/12/2018)
• Libération: Partage des données : Facebook et ses partenaires particuliers (19/12/2018)
• Usbek & Rica: Pour les partenaires de Facebook, vos données personnelles, c'est open bar (19/12/2018)
• BFMTV: Facebook a laissé Netflix et Spotify accéder à tous vos messages privés (19/12/2018)

(1/11/18) Facebook Knows How to Track You Using the Dust on Your Camera Lens

In 2014, Facebook filed a patent application for a technique that employs smartphone data to figure out if two people might know each other. The author, an engineering manager at Facebook named Ben Chen, wrote that it was not merely possible to detect that two smartphones were in the same place at the same time, but that by comparing the accelerometer and gyroscope readings of each phone, the data could identify when people were facing each other or walking together. That way, Facebook could suggest you friend the person you were talking to at a bar last night, and not all the other people there that you chose not to talk to.

Sources:

• Gizmodo: Facebook Knows How to Track You Using the Dust on Your Camera Lens (1/11/2018)