13 Comments »I have been tipped off that there could be a major lawsuit announced in the coming days regarding security at Facebook. Much of this revolves around Facebook’s lack of privacy controls within their company and that significant data has been leaked. As published on the Jobmatchbox blog, according to a Facebook insider, “privacy controls at Facebook are non-existant.” Any employee within the company has full access to your messages and account information. Technically, they can even login as you and impersonate you. This is not going to bode well for Facebook.
Facebook opened up the platform, but the entire site has been completely open for Facebook employees since the beginning. A comparison of the privacy policies of Facebook, Yahoo, Google and Microsoft proves that Facebook does absolutely nothing to restrict internal employee access of information while each of the competitors restrict employee access to personal information unless it is critical for their job. This could result in a massive security leak at Facebook. I’ve had AOL employees tell me of their lack of access to user data and analytics of anything outside of their department.
I cannot start to explain how bad of a business practice this is. Facebook is going to be in some serious trouble as they rush to build an internal system for restricting access to information. A large portion of the money that Facebook is supposedly raising is going to end up being spent on legal fees. All I can say is wow!
Update
Just to clarify my tip did not come from someone at the Jobmatchbox blog. The information regarding security issues did. Additionally, I have since found out that the lawsuit information was not accurate and should not have been published. Next time there will surely be a verifiable source.
Isn’t Facebook, and everything on their servers, their property? I mean, if they pulled the plug tomorrow, would they be forced to give all the information back to the users?
What is the exact legality in question?
I failed to add the phrase “and that significant data has been leaked.” It appears that the lawsuit is regarding a serious breach of information.
Isn’t Facebook, and everything on their servers, their property? I mean, if they pulled the plug tomorrow, would they be forced to give all the information back to the users?
What is the exact legality in question?
I failed to add the phrase “and that significant data has been leaked.” It appears that the lawsuit is regarding a serious breach of information.
“Facebook opened up the platform, but the entire site has been completely open for Facebook employees since the beginning.”
Don’t confuse “open” with “insecure”- FB opening their platform does not implicitly expose their users’ data to rogue application developers just because their employees have root access.
That said, if they do not design the system with security in mind at all levels internal and external from the ground up, one simple code bug (like an SQL injection leak) that allows an outsider to log in with employee credentials would be a complete and catastrophic security failure.
“Facebook opened up the platform, but the entire site has been completely open for Facebook employees since the beginning.”
Don’t confuse “open” with “insecure”- FB opening their platform does not implicitly expose their users’ data to rogue application developers just because their employees have root access.
That said, if they do not design the system with security in mind at all levels internal and external from the ground up, one simple code bug (like an SQL injection leak) that allows an outsider to log in with employee credentials would be a complete and catastrophic security failure.
[...] are messages that I’m not receiving as well. Perhaps this has to do with Facebook’s open access to employees policy. Whatever the reason is, Facebook needs to hurry up and release a new version of their messaging [...]
[...] predators and privacy concerns are popping up out of the woodwork. Our speaker Nick O’Neill writes: The entire site has been completely open for Facebook employees since the beginning. A comparison [...]
[...] be true. There’s been no communication from Facebook about it as of this writing. And until the predicted lawsuit actually surfaces, we can’t really jump all over Facebook for something we don’t even know if they did [...]
[...] there is any proof of this taking place, the Facebook employee should be fired. Last month I wrote about Facebook employees have unrestricted access to the Facebook database and can modify items within [...]
[...] system to prevent Match.com employees from simply logging into people’s accounts. I remember when it was widely speculated in the blogosphere that a similar security hole existed over at Facebook. Of the rumor, Nick [...]
Considering that Facebook employees have full access to administrative actions regardless of any reports or investigations
they can simply look at a report deem you to have broken some rules and lock you out without any justification or reasoning other then the ones given by them
no claims no appeals nothing
really poor Customer support
Considering that Facebook employees have full access to administrative actions regardless of any reports or investigations
they can simply look at a report deem you to have broken some rules and lock you out without any justification or reasoning other then the ones given by them
no claims no appeals nothing
really poor Customer support