If you were so inclined, you could spend the hours equivalent to a full-time job tracking how many ways Facebook has flubbed user privacy. The company's chutzpah rating has been relentlessly strong. For example, it asked banks for user financial information while it was getting virtually pelted for playing so fast and loose with consumer data.
Now there's yet another issue. Facebook announced that the passwords of "millions of Instagram users" had been kept in plain text--readable by anyone who could and wanted to--the way last month tens of millions of Facebook users learned their passwords had been so mishandled.
Oh, but it's okay, says Facebook: "To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them." Ah, well, now I feel better. Just as I did when, in a recent routine checkup, an optometrist accidentally bumped my eye with his equipment and then checked and said, "Oh, no scratches, everything's fine."
For those having trouble keeping track--I know I am--this new bit of security ineptitude is separate from these others that have come up in the last couple of days:
- Facebook used user personal data as leverage over companies it partnered with and competitors. You know, the data that was so important that CEO Mark Zuckerberg and all knew they had to treat it right.
- The company is developing an AI voice assistant like Amazon Alexa, Google Assistant, or Siri, because who wouldn't trust Facebook listening in to their conversations?
- Facebook vacuumed up email contacts of 1.5 million people without asking, but I'm sure they were trying to be a thoughtful friend and tidy up when they had a moment.
Facebook had a good comment on its blog to address the latest problem of insecurely storing critical personal information for lord only knows how long:
In the course of our review, we have been looking at the ways we store certain other categories of information -- like access tokens -- and have fixed problems as we've discovered them. There is nothing more important to us than protecting people's information, and we will continue making improvements as part of our ongoing security efforts at Facebook.
Improvements like doing what would be considered bear minimum security in other companies. Sorry, didn't mean to carp.
You must have a certain amount of twisted respect for a company that could so continuously fall in the mud from practices that predictably would gain immense criticism and still make money. Most companies would normally be at least a bit more circumspect. Maybe a scandal a month, or a fortnight. Facebook manufactures them wholesale. It's a cottage industry.
The company is trying everything to address the bad press, from (presumably) hiring crisis communications experts to again saying that it will fix its problems. I heard someone comment that they cracked a joke before that Facebook was going to tell about more problems when the Mueller report issued in hopes that they could get a pass on. And then the information about the Instagram passwords came out at 10 a.m., eastern today. Right about when the redacted Mueller study was released. What a coincidence.
Someone should tell Zuckerberg that he may need more crisis communications help than he thought.