The IT Nerd

You might recall that back in March,  those fine people at Facebook who happen to own Instagram has this happen to them:

Brian Krebs has an exclusive story on his blog, which for the record should be a must read for the security conscious out there, which details that Facebook hundreds of millions of passwords in plain text for years

So, fast forward to today. In an update to its original blog post, Facebook now says that millions of Instagram passwords were stored on its servers in a readable format. That’s right MILLIONS of Instagram passwords. Instagram user names, unlike Facebook usernames, can be highly appealing to thieves. Short names can sell for quite a lot of money, which makes Instagram passwords rather valuable. So if you didn’t chang your Instagram password when this news first broke, doing so now is a really

WTF?

The problem with this is that even though this is new news, it’s buried in an old blog post. So while they can say that they put this news out there, it’s done in a manner that is designed not to attract attention. That’s pretty shifty by Facebook and it highlights that it doesn’t take the security of it’s users seriously. Nor does it want to take responsibility when it screws us. Which these days is frequently. This is yet another reason to #DeleteFacebook because they don’t deserve your time and attention.

So from the “another reason not to trust Facebook” file comes the news that Facebook has fessed up to harvesting email contacts from 1.5 million people without permission since May 2016.

A security researcher who goes by the name e-sushi on Twitter, first noticed that the company was asking some new users to enter their email passwords to verify their identities. From a security standpoint that’s a total #Fail. Business Insider then spotted that if you did this a dialogue box popped up warning you with no chance to cancel, pause or opt out that it was importing all your contacts. That is a total #EpicFail. Since being brought to light, Facebook has now admitted that the emails were collected, analysed, used for ad targeting and to push its add-a-friend feature. But it was all by accident they claim. And it is notifying users and deleting the illegally collected details. So no harm, no foul. Right?

I’m sorry but I am running out of ways to express just how untrustworthy this company truly is. Example after example of bad behavior just keeps coming to light, which in turn illustrates that every human on Earth needs to avoid having anything to do with Facebook. Not only that, but I’ll say again that governments worldwide need to not only punish Facebook for this bad behavior, but they need to severely restrict how this company does business because it simply is out of control and it needs oversight by a third party given how untrustworthy they have proven themselves to be.

Mark Zuckerberg has some explaining to do as Facebook’s executive team, including Zuckerberg himself, used the data of Facebook users as leverage over partner companies, according to leaked emails, webchats, presentations, spreadsheets, and more obtained by NBC News:

The documents, which include emails, webchats, presentations, spreadsheets and meeting summaries, show how Zuckerberg, along with his board and management team, found ways to tap Facebook’s trove of user data — including information about friends, relationships and photos — as leverage over companies it partnered with.

In some cases, Facebook would reward favored companies by giving them access to the data of its users. In other cases, it would deny user-data access to rival companies or apps.

For example, Facebook gave Amazon extended access to user data because it was spending money on Facebook advertising and partnering with the social network on the launch of its Fire smartphone. In another case, Facebook discussed cutting off access to user data for a messaging app that had grown too popular and was viewed as a competitor, according to the documents.

All the while, Facebook was formulating a strategy to publicly frame these moves as a way of protecting user privacy.

Quite frankly this is above and beyond anything that we’ve heard to date about how this company handles data. Which is badly in the best case scenario. But clearly this is not the best case scenario. If this doesn’t get the attention of governments around the planet to finally smack this company down and to restrict its activities . Nothing will. I say that because clearly Facebook needs to be held fully accountable for this.

Speaking of Facebook, when they were asked for comment by NBC News, the company tried to spin this away. But no amount of spin will make this fact go away. Which is that everyone, everywhere needs to #DeleteFacebook as the company simply cannot be trusted.

Adding to Facebook’s problems is this from The Department of Housing and Urban Development in the US. They are suing social media giant Facebook for allegedly violating the Fair Housing Act.

HUD says Facebook does so by “encouraging, enabling and causing housing discrimination” when it allows companies that use their platform to improperly shield who can see certain housing ads. In the charging document, HUD accuses Facebook of unlawfully discriminating against people based on race, religion, familial status, disability and other characteristics that closely align with the 1968 Fair House Act’s protected classes.

HUD also alleges Facebook allowed advertisers certain tools on their advertising platform that could exclude people who were classified as “non-American-born,” “non-Christian” or “interested in Hispanic culture,” among other things. It also said advertisers could exclude people based on ZIP code, essentially “drawing a red line around those neighborhoods on a map.” “Facebook is discriminating against people based upon who they are and where they live,” HUD Secretary Ben Carson said in a statement. “Using a computer to limit a person’s housing choices can be just as discriminatory as slamming a door in someone’s face.”

Facebook responded like this:

We’re surprised by HUD’s decision, as we’ve been working with them to address their concerns and have taken significant steps to prevent ads discrimination. 

And:

While we were eager to find a solution,” Facebook added. “HUD insisted on access to sensitive information — like user data — without adequate safeguards. We’re disappointed by today’s developments, but we’ll continue working with civil rights experts on these issues

Everywhere you turn, Facebook is being accused of something. That suggests to me that a few more of these situations are likely to pop up. And that’s very bad news for Facebook who really wants to be seen as the poster child for bad behavior.

Brian Krebs has an exclusive story on his blog, which for the record should be a must read for the security conscious out there, which details that Facebook hundreds of millions of passwords in plain text for years:

Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees — in some cases going back to 2012, KrebsOnSecurity has learned. Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data.

Facebook is probing the causes of a series of security failures in which employees built applications that logged unencrypted password data for Facebook users and stored it in plain text on internal company servers. That’s according to a senior Facebook employee who is familiar with the investigation and who spoke on condition of anonymity because they were not authorized to speak to the press.

The Facebook source said the investigation so far indicates between 200 million and 600 million Facebook users may have had their account passwords stored in plain text and searchable by more than 20,000 Facebook employees. The source said Facebook is still trying to determine how many passwords were exposed and for how long, but so far the inquiry has uncovered archives with plain text user passwords in them dating back to 2012.

This is just mind blowing. And that’s not easy to say given Facebook’s security lapses have been blowing minds for over a year now. The fact that Facebook says that this hasn’t been exploited doesn’t mean anything. The fact that this problem exists illustrates yet again that Facebook when it comes to securing data is not to be trusted. Ever. They are too busy trying to make a buck off of their users to take any sort of reasonable steps to protect their user base. If this isn’t a reason to join team #DeleteFacebook, I don’t know what would be.

UPDATE: One thing that I forgot to mention is that you should change your Facebook password right now. Though deleting your Facebook account is another good option.

UPDATE #2: This statement from Facebook indicates that this affects Facebook Lite and Instagram users too.

Things are going from bad to worse for Facebook as two top execs at the company have decided to leave. The BBC has the details:

Facebook founder Mark Zuckerberg has announced the departure of the firm’s chief product officer Chris Cox and head of WhatsApp Chris Daniels.

Mr Cox joined in 2005, a year after Facebook was founded, while Mr Daniels took up his role only a year ago.

No reason has explicitly been given for their departure.

Neither is good for Facebook as anytime key execs leave a scandal ridden company, the optics never look good. Of interest, Cox noted in his own Facebook post that the company is “turning a new page” in its product direction, focused on an encrypted, interoperable, messaging network. Is there something to read into that? Who knows. But if the departures keep coming, then that will be a clear signal that there is trouble in Facebook HQ.