Facebook’s latest privacy scandals open regulator floodgates

Storing passwords in plain text and harvesting email contacts have landed the firm in hot water -- again.
Written by Charlie Osborne, Contributing Writer

Facebook's damage control teams must be busy these days with data scandal after scandal appearing out of the woodwork on what seems to be a monthly basis -- all of which are gaining the interest of regulators worldwide.

The Cambridge Analytica incident seemed to be only the tip of the iceberg, with the most recent examples of Facebook's failure to adequately protect and store user data is highlighted by the harvest of email contact data and the storage of millions of user passwords in plain text.

Data protection is now a hot topic and one that Europe has taken more seriously with the revamp of old data and security rules through the implementation of the EU's General Data Protection Regulation (GDPR).

Under these rules, companies operating in European countries are held to a high standard when it comes to consumer data storage and security -- and this is an area Irish regulators are now examining to see if Facebook has fallen short.

On Thursday, the Irish Data Protection Commissioner said a new investigation is now underway due to March's reveal of the storage of Facebook, Facebook Lite and Instagram passwords in plain text on company servers. Up to 20,000 Facebook employees may have been able to access this information, which potentially dated back to 2012.

"We have this week commenced a statutory inquiry in relation to this issue to determine whether Facebook has complied with its obligations under relevant provisions of the GDPR," the data watchdog said.

See also: Facebook asked to clamp down on cops creating fake accounts

Across the pond, Canadian authorities published the results of a year-long investigation into Facebook's privacy practices this week.

The investigation focused on the Cambridge Analytica scandal, in which the Privacy Commissioner of Canada and the Information and Privacy Commissioner for British Columbia believe hundreds of thousands of Canadians -- as part of a wider pool of 87 million users -- were affected.

The watchdogs said that Facebook had committed a "major breach of trust" and Facebook "abdicated its responsibility for personal information under its control, effectively shifting that responsibility to users and apps."

TechRepublic: Enterprise cryptojacking attacks continue, despite overall decline in popularity among hackers

Separately, Facebook is also facing scrutiny from regulators in the United States. In April, the social media giant admitted to the "unintentional upload" and harvest of email account contacts during some new account registration and verification systems.

In total, Facebook stored email contact data belonging to roughly 1.5 million users over three years, a practice which the company said in hindsight was "not the best way" to go about verification.

Facebook has promised to delete the information. Regulators, however, have not looked upon the latest example of the firm's lax privacy practices with a friendly eye.

As reported by sister site CNET, Facebook is now being investigated by the New York attorney general's office over the contact scraping. New York Attorney General Letitia James said that it is about time that the social network "is held accountable for how it handles consumers' personal information."

CNET: Facebook faces investigation by New York attorney general over email collection

Facebook, in turn, said, "we're in touch with the New York State attorney general's office and are responding to their questions on this matter."

During Facebook's quarterly earnings release, the company also said that $3 billion has been set aside to cover legal expenses related to a US Federal Trade Commission (FTC) investigation based on the company's attitude to user privacy following the Cambridge Analytica scandal.

Facebook's worst privacy scandals and data disasters

Previous and related coverage

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

Editorial standards