Posted by Chenxi Wang on May 14, 2010
Facebook is currently the world's most popular social media site, with over 400 million users. Long-plagued by accusations of security leaks and lackluster privacy practices, the corporation is currently defending itself against a barrage of new criticism. CEO Mark Zuckerberg gave an interview earlier this year arguing that privacy is no longer a "social norm." Facebook privacy policies have been rapidly shifting to reflect this position.
The latest firestorm centers around a new feature called "instant personalization," a targeted advertising service that supplies personal user data to advertising partners like Pandora and Microsoft Docs. All Facebook accounts were included in this service when it was rolled out, and opting out is a convoluted, multi-step process. In a move that some users are calling deliberately deceptive, simply clicking an "opt out" check box does not protect your user data from being shared.
So far, the beta service is limited to three corporate partners — all of whom have promised not to behave inappropriately with the shared user data — but the feature is slated to be expanded over time. This puts millions of user accounts and their personal information at the mercy not just of Facebook, but of the ethics of every company that becomes an instant personalization partner in the future.
Other unintentional security breaches are also making headlines. A Russian hacker, who calls himself "Kirllos," recently claimed to possess the logins and passwords to 1.5 million Facebook user accounts — and he is putting them up for sale, cheap. Though no one has officially verified whether these user credentials are real or fake, Kirllos has allegedly sold off around 700,000 of them already.
If true, this incident puts another crack into Facebook's already besieged reputation. Account compromises not only leaks a user’s private information, including photos, status updates, and private messages sent between users, but can also lead to increased phishing risks — imagine a trusted Facebook friend sending you a message with a malicious embedded link, and once clicked, can direct you to a malware-laden site.
What does this mean for corporate users? Opening up your company to Facebook access could lead to increased phishing and malware threats, which could further cause data breaches and other more serious forms of security incidents within your corporate network. Given the soaring popularity of Facebook as a casual communication tool, the usual acceptable usage recommendations — urging employees to use discretion and avoid discussing sensitive information via Facebook — is far from sufficient.
Social media can be a corporate asset. Facebook provides a high-profile tool for company exposure and branding, and the wide reach of such a social platform can facilitate business networking. But if you had known that the media giant would be riddled with security holes, while at the same time deliberately taking on a cavalier attitude toward user privacy — would you have allowed your users access to Facebook?