What Are the Security Issues in Facebook and How to Address Them

Since 2018, a series of security issues and privacy scandals has been reported at Facebook. Here we discuss some of the prominent security and data privacy issues related to this popular social media platform and consider whether users can do anything about them.

In February 2018, Belgian and German courts found Facebook guilty of violating privacy laws. In the same month, Facebook admitted that it had harvested 2FA numbers for the purpose of advertising. However, the first of Facebook's security breach issues broke on March 19, 2018.

A political data analytics company called Cambridge Analytica made use of a legitimate third-party app to gather Facebook user data. As many as 270,000 people downloaded the app willingly. However, the access was misused, and the data was unlawfully supplied to Cambridge Analytica to construct political profiles on over 50 million users in order to influence elections around the globe.


Following a series of investigations into the social media platform's data sharing and its control over third-party access, Facebook launched an expanded bug bounty and new privacy controls. Facebook also came forward on regulation of the social network and expressed its willingness to work with lawmakers to implement regulations that would put users at ease.

In January 2019, Facebook was found to have exploited a loophole in Apple's iOS policies and circulated a research app under an enterprise certificate. Enabled by this certificate, the app could take root in the user's device and harvest information about location, messages and media from third-party apps.

In February 2019, a huge volume of internal Facebook email messages was leaked, bringing to the surface a secret program the company had planned that would match the location data of Android phone users to cell site IDs in order to offer location-aware products. In March 2019, Zuckerberg publicly accepted that the company was falling short on measures to protect user privacy and promised that Facebook would henceforth become a privacy-focused platform.


Two weeks after the promise made by Facebook's founder, Facebook disclosed that over 600 million user passwords had been found stored as plaintext. It came to light that for more than 7 years the passwords had been left exposed to insiders at the firm. In response, Facebook said the passwords were never visible to people outside the company and that there was no evidence that anyone inside the company had ever abused the passwords to gain access to user accounts.

Measures to minimize the risk of Facebook security threats

Jake Moore, a cyber-security specialist at ESET, says, "It is a great time for users to jump across to an authenticator app which doesn’t require a verifying SMS which could potentially get intercepted."


Ethical hacker John Opdenakker says, "In general it's best not to provide your phone number to online applications, period. However, a lot of services, unfortunately, require phone numbers for password reset or to enable two-factor authentication (2FA) which throws a spanner in the security advice works. If you enable 2FA, then always opt for an authenticator app or hardware security key."