Rumor: Facebook Security Breach Results in Lawsuit

I have been tipped off that there could be a major lawsuit announced in the coming days regarding security at Facebook. Much of this revolves around Facebook’s lack of privacy controls within their company and that significant data has been leaked. As published on the Jobmatchbox blog, according to a Facebook insider, “privacy controls at Facebook are non-existent.” Any employee within the company has full access to your messages and account information. Technically, they can even log in as you and impersonate you. This is not going to bode well for Facebook.

Facebook opened up the platform, but the entire site has been completely open for Facebook employees since the beginning. A comparison of the privacy policies of Facebook, Yahoo, Google and Microsoft proves that Facebook does absolutely nothing to restrict internal employee access to information while each of the competitors restricts employee access to personal information unless it is critical for their job. This could result in a massive security leak at Facebook. I’ve had AOL employees tell me of their lack of access to user data and analytics of anything outside of their department.

I cannot start to explain how bad of a business practice this is. Facebook is going to be in some serious trouble as they rush to build an internal system for restricting access to information. A large portion of the money that Facebook is supposedly raising is going to end up being spent on legal fees. All I can say is wow!

Update
Just to clarify, my tip did not come from someone at the Jobmatchbox blog. The information regarding security issues did. Additionally, I have since found out that the lawsuit information was not accurate and should not have been published. Next time there will surely be a verifiable source.

 




13 Comments »

  1. Isn't Facebook, and everything on their servers, their property? I mean, if they pulled the plug tomorrow, would they be forced to give all the information back to the users? What is the exact legality in question?

    Comment by Ryan Merket — September 24, 2007 @ 6:55 pm

  2. I failed to add the phrase "and that significant data has been leaked." It appears that the lawsuit is regarding a serious breach of information.

    Comment by Nick O'Neill — September 24, 2007 @ 6:57 pm

  3. Isn't Facebook, and everything on their servers, their property? I mean, if they pulled the plug tomorrow, would they be forced to give all the information back to the users?

    What is the exact legality in question?

    Comment by Ryan Merket — September 24, 2007 @ 7:55 pm

  4. I failed to add the phrase “and that significant data has been leaked.” It appears that the lawsuit is regarding a serious breach of information.

    Comment by Nick O'Neill — September 24, 2007 @ 10:57 pm

  5. "Facebook opened up the platform, but the entire site has been completely open for Facebook employees since the beginning." Don't confuse "open" with "insecure" - FB opening their platform does not implicitly expose their users' data to rogue application developers just because their employees have root access. That said, if they do not design the system with security in mind at all levels internal and external from the ground up, one simple code bug (like an SQL injection leak) that allows an outsider to log in with employee credentials would be a complete and catastrophic security failure.

    Comment by Basil — September 25, 2007 @ 5:09 am

  6. "Facebook opened up the platform, but the entire site has been completely open for Facebook employees since the beginning."

    Don't confuse "open" with "insecure"- FB opening their platform does not implicitly expose their users' data to rogue application developers just because their employees have root access.

    That said, if they do not design the system with security in mind at all levels internal and external from the ground up, one simple code bug (like an SQL injection leak) that allows an outsider to log in with employee credentials would be a complete and catastrophic security failure.

    Comment by Basil — September 25, 2007 @ 6:09 am

  7. [...] are messages that I’m not receiving as well. Perhaps this has to do with Facebook’s open access to employees policy. Whatever the reason is, Facebook needs to hurry up and release a new version of their messaging [...]

    Pingback by Facebook's Poor Messaging System - The Unofficial Facebook Blog — September 25, 2007 @ 1:21 pm

  8. [...] predators and privacy concerns are popping up out of the woodwork. Our speaker Nick O’Neill writes: The entire site has been completely open for Facebook employees since the beginning. A comparison [...]

    Pingback by Web Community Forum » Blog Archive » Targeted Advertising, Sexual Predators, Privacy Concerns: MySpace and Facebook Start to Look More Alike — September 27, 2007 @ 3:21 pm

  9. [...] be true. There’s been no communication from Facebook about it as of this writing. And until the predicted lawsuit actually surfaces, we can’t really jump all over Facebook for something we don’t even know if they did [...]

    Pingback by Web Community Forum » Blog Archive » Was Facebook Critically Negligent About Privacy? The Jury is Still Out. — September 27, 2007 @ 7:57 pm

  10. [...] there is any proof of this taking place, the Facebook employee should be fired. Last month I wrote about Facebook employees have unrestricted access to the Facebook database and can modify items within [...]

    Pingback by Facebook Employees Are Modifying User Profiles - The Unofficial Facebook Blog — October 30, 2007 @ 9:27 am

  11. [...] system to prevent Match.com employees from simply logging into people’s accounts. I remember when it was widely speculated in the blogosphere that a similar security hole existed over at Facebook. Of the rumor, Nick [...]

    Pingback by Match.com Loses My Data, is Completely Unapologetic : TeresaCentric — January 17, 2008 @ 9:25 pm

  12. Considering that Facebook employees have full access to administrative actions regardless of any reports or investigations

    they can simply look at a report deem you to have broken some rules and lock you out without any justification or reasoning other than the ones given by them

    no claims no appeals nothing

    really poor Customer support

    Comment by Michael Ching — February 15, 2008 @ 1:03 pm

  13. Considering that Facebook employees have full access to administrative actions regardless of any reports or investigations

    they can simply look at a report deem you to have broken some rules and lock you out without any justification or reasoning other than the ones given by them

    no claims no appeals nothing

    really poor Customer support

    Comment by Michael Ching — February 15, 2008 @ 2:03 pm
