A Timeline of Facebook Controversies, Scandals, Privacy Concerns, and Data Breaches

Facebook is inarguably one of the biggest
social networking websites in the world. There are more than 2.41 billion
people on this platform, interacting with others and sharing photos, opinions,
funny videos, and a lot more. Facebook’s net worth is somewhere around $140
billion, and it seems to only grow in the future. Facebook also owns Instagram
and WhatsApp, with more than a billion users on both platforms.

The numbers associated with the company are
mammoth, and even a fraction of change usually affects a lot of users and
businesses. People share all kinds of information about them on Facebook. Some
of that information can be extremely sensitive and personal. The onus comes on
Facebook that it respects user privacy and doesn’t let the information reach
anywhere the user doesn’t want to.

But there have been several instances
pointing toward Facebook failing to do so. Data breaches, opaque privacy
policies, and misuse of user information are some of the things for which
Facebook got in the headlines.

Facebook is so big that it can easily be used to sway opinions across a nation, bring governments down, affect elections, and so much more. Authorities across the world have acknowledged the issue and are making continuous efforts to shackle down the powers of this social media giant.

In this article, we will bring you across
some of the major events when Facebook was in the news, mostly for wrong reasons.
Our objective isn’t to portray Facebook in bad light but to create awareness.
One can’t trust an organization simply because it’s huge and has got a lot of
people associated with it. Even the ones with all the resources at their
disposal make blunders and it is the user who ends up paying for their

1. 2003- Facemash
was Zuckerberg’s first controversy:
In this article, you will go through
several incidents that involve Zuckerberg and privacy violations. But we also
think that this incident, entirely unrelated to Facebook, is worth a mention.

Mark Zuckerberg, the founder of Facebook,
created a site called Facemash while he was a student at Harvard. The site
would randomly show pictures of any two current Harvard students, and the
visitors were supposed to select the one they found more attractive.

Zuckerberg hacked into Harvard servers to
get hold of those and pictures, and therefore, one can call it Zuckerberg violating
online privacy of people for the first time. The site took no time to get
popular, and it wasn’t long before the authorities came to know about it. They
made him take down the website, and Zuckerberg apologized for his actions.

(Source: Mirror)

2. August 2007- They accidentally leaked
the source code:
Back in 2007, Facebook wasn’t even
close to the robustness of present Facebook. Everything is way more refined
now, especially when it comes to managing the code. Back then, they ended up
displaying the source code because of a misconfigured server.

Someone copied and published the code on a
blog created specifically for the purpose named Facebook Secrets. Facebook
later agreed to have such an issue and declared it wasn’t a security breach but
a misconfigured server that caused the problem. They also maintained that the
code didn’t give away any information that can compromise the platform.

(Source: Tech Crunch)

3. September 2007- Facebook allowed to
search for profiles on the platform using search engines:
The social media platform once again came under the radar of privacy
advocates when they made the profiles available for public search. It would
allow even those to find out Facebook profiles who are not on the platform.

Even though one would need to login to
Facebook to get additional information or interact with the person, a lot of
users deemed it a serious privacy breach.

(Source: BBC News)

4. June 2008- Canadian Internet Policy and Public Interest Clinic (CIPPIC)
filed a complaint against Facebook for breaking Canadian laws:
stated that Facebook doesn’t properly inform its users about how it shares
user’s personal information with third parties. The body also pointed out that
most of the privacy settings were set to public by default for any new account.
It leads to most of the users leaking out their personal information without having
any knowledge of it.

The privacy commissioner later confirmed
that a lot of the filed complaints were legitimate, and recommended changes.
Facebook accepted some of the changes proposed by the commissioner, but not all
of them.

(Source: itbusiness.ca)

5. February 2009- Facebook takes away
the right of users to delete personal information from the platform:
There were a lot of privacy concerns from users worldwide when
Facebook updated its ‘terms of service’ and acquired complete control over
anything that users post on the platform. Before the new provisions, users had
the option to remove all their personal information from the site whenever they
wanted. The modified terms allowed Facebook to use the information any way it
wants, even if the user has deleted the account.

Facebook stated that it needed such control
to function properly, and a lot of other services such as email enjoy a similar
control over user data. People upload personal information in various ways on
the platform, and someone else acquiring completer control over that
information can be frightening for individuals.

(Source: The Telegraph)

6. September 2009- Facebook was forced to shut down beacon since it invaded privacy
according to users:
Beacon was an advertising system implemented by
Facebook to post the details of user’s purchase on their social news feed.

Even though there was an option to opt-out
of the feature, users found it difficult to access it. A lot of them considered
it a privacy breach since they didn’t want the information about their
purchases to go public. A group of users even filed a lawsuit against the

(Source: The Telegraph)

7. February 2011- Facebook’s instant
personalization feature allowed affiliate websites to gain access to user
This feature of Facebook allowed other
sites to gain access to any information that users marked public. It included
the brands you have liked on the platform and some other information about your

The feature was turned on by default when
introduced on the platform. A lot of the then 500 million users had no clue of
Facebook sharing their personal information with other businesses. The annoying
fact about this feature was that you may still leak out some personal
information to corporate if your friends haven’t turned off the feature.

(Source: ZD Net)

8. November 2011- FTC reaches a
settlement with Facebook with regards to how it protects user privacy:
Amid various instances of Facebook not acting responsibly when it
came to user’s privacy, FTC reached a settlement with the social networking
company to ensure it does not further violate privacy of users. The settlement
contained various claims to keep a check on how the company modifies privacy
settings and statements.

There were reported to be several incidents
when Facebook was not so much transparent about data usage. It had to face a
lot of heat for changing privacy policies without informing users or notifying
them. The company would change its policy such that items that the user has
marked private would no longer be private, and the user wouldn’t even know
about it. Facebook app was also reported to gather a lot more data from user’s
phone than it was required to function.

Facebook was now required to get consent
before introducing any changes in the privacy statement, and they were asked to
undergo an independent privacy audit every 2 years for the next 20 years. Mark
Zuckerberg admitted that the company had made a “small number of high-profile mistakes.”

(Source: The Guardian)

9. June 2013- When Facebook was linked
with PRISM, the mass surveillance program:
were crazy days when Edward Snowden told the world about how US government
agencies invade privacy of their citizens. It included the mention of PRISM, a
program that would allow the officials to create a profile of anyone they want
using all of their online information and communication records.

Facebook was among the other larger
companies accused of allowing the government to access the user’s private
information. However, just like all those other companies, Facebook also denied
having any knowledge of PRISM or providing any back door access to government agencies.

(Source: The Verge)

10. February 2015- Facebook found
violating European law yet again:
The Belgian
privacy commission did not seem much satisfied with the freshly modified
privacy policy of Facebook. They mentioned the new policy as mere extension of
the previous one and that it was still violating the European consumer
protection law.

The report mentioned that users get
inadequate control over user-generated content used for commercial purposes and
that it was extremely difficult to navigate through the privacy settings on the
platform. They mentioned how the only way to stop Facebook app from collecting information
about your smartphone is to turn off the GPS entirely. It can easily be a hurdle
for someone who wants to use GPS facilities but does not want Facebook to know
about their location. However, the company stated that they are complying with
all the Belgian data protection laws.

(Source: The Guardian)

11. December 2015- Cambridge Analytica
and its use of Facebook data got in the public eye for the first time:
The Guardian published an article stating that it came across some
document which shows that psychological data harvested from Facebook, without
the permission of users, is being used in Ted Cruz’s presidential campaign.

The report also mentions the involvement of
Robert Mercer, a well-known Wall Street billionaire, and a Republican donor.
They pointed out that he is the one who funded the existence of Cambridge Analytica,
which is now assisting Ted Cruz’s presidential campaign with the use of
psychological data gathered from Facebook without letting the users know.

(Source: The Guardian)

12. February 2016- Facebook tried to
take control over the internet in India and failed miserably:
Facebook faced nationwide opposition on its proposal of providing
free internet to the people of India. What was earlier called ‘Internet Zero’
and later labeled ‘Free Basics,’ was nothing but Facebook’s attempt to take
over internet in India.

The company proposed to provide free
internet services to people. It would do so by making deals with local
telecommunication services and providing users with access to some of the basic
and popular websites and applications. However, this would have thrown the
small players out of the market, and all the websites and services encompassed within
the plan would have had no competition left.

However, India saw a widespread campaign
for net neutrality across the nation. Millions of petitions were sent to the
regulatory authority, and people were as outspoken as they can be about net
neutrality. They also discussed how Free Basics was nothing but a trap to a
smaller internet.

After a long and grueling 11-months battle,
the citizens finally got what they were demanding. Facebook wasn’t allowed to
provide internet services in the nation, and the verdict went in favor of net

(Source: The Guardian)

13. May 2016- Facebook’s trending news
section gets under the radar of the US authorities:
Reports from several media houses suggesting that Facebook might
have been handpicking items for its trending news section make the Senate
launch an inquiry into the issue. Gizmodo published a news article that had a
former news curator at Facebook telling how news favoring conservatives were
suppressed. The article had also interview excerpts of other former curators
with some denying and some accepting the bias.

A few days later, The Guardian published a
document that pointed out the heavy involvement of human curators when it comes
to managing section. Since Facebook had such a large userbase, a customized
trending news section can have some serious impacts how political views mold in
the country. Following the two stories, the senate decided to launch an inquiry
into the matter.

In response to the allegations, Facebook
launched the set of guidelines it uses to manage its trending news section and
insisted that they have a robust mechanism to ensure all the viewpoints get
their fair share of exposure.

(Source: Digg, Gizmodo, The Guardian)

14. May 2017- Facebook kept on failing in its attempts to battle fake news: Fake
news has been a major area of concern for Facebook for long. It was a hot topic
during US presidential elections and was subsequently a major issue in a lot of
other countries. Facebook seemed concerned over the matter but failed to tackle
the menace. The spread of misinformation affected countries such as Germany
too. A lot of hate sentiments were stirred up in the country with the help of
fake news. Barak Obama also raised concerns regarding fake news before the end
of his term as the US President.

Facebook put in place a fact-checking
system that was supposed to inform users about the not-so credible news stories
and keep them from going viral. However, things were going only south for the
social media behemoth as either the system was too late to report the news or ended
up catalyzing the spread of rumor.

(Source: The Guardian)

15. September 2017- Facebook unearths a
possible Russian involvement in the US elections:
handed over evidence related to 3,000 ads on the platform, which seemed to have
connections with Russia and presidential elections in the US. Facebook said the
ads were not very specific about any political figures but involved topics such
as immigration, race, and equal rights. They reported total spending of
$100,000 on the ads over two years.

(Source: BBC)

16. September 2017- Huge differences
between Facebook Ad Manager’s claims and consensus data:
Facebook got into news again when a research analyst pointed out
huge differences between what Facebook claims and what consensus data of US
says. Facebook’s Ad Manager claimed to be able to reach out to almost 41
million people in the US aged between 18-24. On the contrary, the census data
from the time reports having only 31 million people in the country aged in that

A similar issue was observed when it came
to the demographic aged between 25 to 34-year-olds. While Facebook’s Ad Manager
claimed that it could reach out to 60 million such people, the census said
there were only 45 million such people in the nation.

There were multiple possibilities for such
a difference. It could’ve been a bug, people creating multiple accounts, use of
VPNs, etc. But the news sowed some questions in the minds of marketers who rely
on Facebook for advertisements.

(Source: The Wall Street Journal)

17. September 2017- Spanish authorities
fined Facebook
€1.2 million for
opaque privacy statements and unfair data collection methods:
The fine came after the authorities found out a lot of
irregularities in the way Facebook collects data from users.

They stated that the social media giant
collects user data on subjects such as sex, belief, ideology, and many other
things either directly or indirectly through third-party apps. The user often
has no clue about the data collection and is tricked into giving consent for it.
The company doesn’t make it clear why it is collecting such information and
what will it do with it.

Data collection continues even when the
user is not logged into the Facebook account via webpages that have the
Facebook like button. They also mentioned that even the users without any
Facebook account are not safe from such data mining.

They also noticed issues when it comes to
deleting stored information from their server. The company would have the data
for 17 months with the use of cookies.

The official reply from Facebook stated
that they followed the European regulations and would challenge the fine. Even
though the fined amount was a mere straw to Facebook’s haystack of money, it was
the damage to its reputation which was a much bigger concern.

(Source: Tech Crunch)

18. March 2018- Whistleblower
Christopher Wylie told the world that Cambridge Analytica used illegally
acquired Facebook data to aid Trump’s campaign:
didn’t look so bright for Facebook at this point. Big media houses covered news
stories that mentioned the use of data from around 50 million Facebook profiles
by Cambridge Analytica. The number was later revised to 87 million.

Wylie, who was once an employee in
Cambridge Analytica, mentioned how the data was falsely acquired and then
misused to reap political benefits. He mentioned how the information gained
from a user’s profile could be used to manipulate them politically with the use
of specific advertisements.
(Source: The Guardian)

19. March 2018- FTC launches an inquiry
against Facebook to monitor its involvement in the Cambridge Analytica case:
Things start getting messy for Facebook around this time when
Federal Trade Commission decides to find out if the company violated any clause
of the privacy protection settlement it made with authorities in 2011. Company
share prices recorded a significant drop after this news.

(Source: The Washington Post)

20. April 2018- Facebook enters yet
another privacy controversy over the use of face-scanning technology:
One ruling in Illinois posed some questions over the storage and use
of biometric data of users without their consent. Facebook uses DeepFace
technology to scan different photos of the user and subsequently provide better
suggestions when it comes to tagging people in photos posted on the platform.
The law prohibits organizations from storing biometric information of users
without their approval. However, Facebook said that there was nothing of
essence in the allegations and asked for individual examples to show any damage
done to individuals with the use of technology. The mere discussion of another
possible privacy breach seemed enough to affect their brand value this time.

(Source: Investopedia)

21. April 2018- Zuckerberg had to
testify in front of Congress:
Following what all
unfolded in the Cambridge Analytica scandal, Zuckerberg was asked to be present
in two congressional hearings in the month. The senators asked some serious and
difficult questions from the young billionaire. Zuckerberg faced Senate
Judiciary and Commerce Committees on one day and House Energy and Commerce
Committee on the other.

(Source: CNBC)

22. May 2018- Facebook fined $122
million for matching user accounts of Facebook and WhatsApp:
When Facebook acquired WhatsApp in 2014, they rejected any speculations
of matching user data on the two platforms. The statement was made to the
European Commission in the merger review process of 2014. The commission points
out that the possibilities of such a thing happening existed at that time, and
the company officials were well aware of it.

As a result, the company was fined for
providing incorrect information at the time of the merger review process.
Facebook’s reply that it was an error from their part didn’t seem to impress
anyone at the time. Facebook was also forced to stop the data flow between the
two platforms in the region.

(Source: Tech Crunch)

23. July 2018- Facebook fined £500,000 for the
Cambridge Analytica saga:
The company was fined
on the grounds of failure to keep user’s data safe and for not being able to
tell users how their data is used. The fined amount can’t bother Facebook much,
but it is expected to have some serious impact on their reputation and public

If the breach were to take
place after the introduction of GDPR, then the amount could’ve been somewhere
around £1.4 billion. Guess the verdict was somewhat of a bittersweet thing for
the social media giant.

(Source: The Guardian)

24. September 2018- 50 million Facebook
accounts got exposed in a data breach:
If someone
thought that things couldn’t get worse than this for Facebook, then they were
wrong. The social networking website witnesses the biggest ever data breach
since it came into existence. The hackers exploited Facebook’s code to gain
access such a big number of user accounts.

(Source: The New York Times)

25. March 2019- Facebook faces a lot of
criticism for not being able to ban the Christchurch shooting video promptly:
The horrific events that unfolded in New Zealand involving the death
of 51 people posed a lot of questions an all the big social networking
platforms. More and more antisocial elements are using these platforms to
spread hate and promote unlawful activities. The Christchurch shooting was live-streamed
on Facebook for 17 minutes before the moderators were able to take it down.

Even after the original video got banned,
there were multiple versions of the original video circulating on the platform
for a long duration. The inability of Facebook to have a strict moderating and
monitoring system in place to prevent such incidents made it face criticism
from authorities and public alike.

Facebook came up with stricter provisions
for live streaming almost two months later. The new rules involved suspending
users from accessing the service and having a one-strike policy. However, the
measures were still considered insufficient by a lot of people. Some of them
even maintained that there is no way of keeping the dark aspects of human
nature away from the platform.

(Source: Bloomberg, The New York Times)

26. March 2019Facebook admits storing millions of passwords in plain text: The
company seems to be finding it difficult to stay away from controversies. They
mentioned in a blog post that a bug caused hundreds of millions of passwords to
be stored in plain text form for years. Even though officials came to notice
the bug in January, they brought it to the public’s attention only two months

The bug dates back to 2012. The blog also
says that there were no findings to indicate any improper access, but there was
no mention of how they reached such a conclusion. Facebook said that they would
notify the affected users of Facebook, Facebook Lite, and Instagram about the

(Source: Facebook Newsroom)

27. April 2019- Yet another incident
showcase how vulnerable user data is with Facebook and third-party
More than 540 million records of
Facebook users were found unsafe and out in the open on the internet. These
data records from two Facebook apps which put them on unsecured servers.

The two apps named ‘Cultura Colectiva’ and
‘At the Pool’ had data collected data from Facebook users. Cultura Colectiva
had a bigger share in this unsafe data pool. The information they had included
comments, like, Facebook ids, etc. While some users might not consider it as sensitive
information, it can still cause pretty significant damage, especially when the
set is so huge.

At the Pool seemed to have a lot more
sensitive information compared to the other application. It contained
information related to friends, interests, photos, email ids, etc. Even
passwords were stored in plain text. While the passwords could’ve been for the
app and not Facebook, there are still a lot of people out who use the same
password across all their accounts.

The most noticeable part about this whole
case is that it took months before the whole situation was taken care of, once
the issue was reported.

(Source: UpGuard)

28. April 2019- Facebook acquired email
accounts of 1.5 million users without letting them know:
This is now the point of time when people are no more surprised to
hear about privacy breaches from Facebook. This incident involved the company
asking for email passwords when a new user signs up. And once the user enters
the email passwords, the application would import contacts saved in the email
account without asking for the user’s permission.

Facebook mentioned that this unintentional
process happened as they eliminated the email password verification when
someone signs up on the platform. It is only one of the many privacy blunders
that Facebook made in 2019.

(Source: Forbes)

29. May 2019- Turkish authority slaps a fine of $270,000 on Facebook for
privacy breaches:
In September 2018, Facebook had an API bug that allowed
third-party applications to access user photos over 12 days. It affected around
300,000 citizens across the middle eastern nation.

The country’s personal data protection
authority found Facebook guilty of failing to react promptly to fix the issue,
and not reaching out to the Turkish authorities to inform about the bug as soon
as the found out about it.

(Source: RT)


  1. Mirror
  2. Tech
  3. BBC News
  4. itbusiness.ca
  5. The
  6. The
  7. ZD
  8. The
  9. The
  10. The
  11. The
  12. The
  13. Digg,
  14. The
  15. BBC
  16. The
    Wall Street Journal
  17. Tech
  18. The
  19. The
    Washington Post
  20. Investopedia
  21. CNBC
  22. Tech
  23. The Guardian
  24. The
    New York Times
  25. Bloomberg,
    New York Times
  26. Facebook
  27. UpGuard
  28. Forbes
  29. RT
Kim Martin Administrator
Sorry! The Author has not filled his profile.
follow me
    Like this post? Please share to your friends: