Facebook can’t seem to get through a week without another scandal popping up.
On Tuesday night, the tech giant’s woes continued to grow after The New York Times reported that Facebook gave companies such as Netflix, Spotify and Microsoftthan the social network had previously disclosed. Among the details: some companies reportedly could “read, write and delete users’ private messages,” The Times reported.
The deals with Facebook made the services sold by partner companies more attractive. For Facebook, the deals were designed to help fuel its user growth and advertising revenue. By 2013, Facebook had entered into so many partnerships that its employees had trouble tracking them, according to The Times. So the company built a tool that tracked which partners were granted access to data and could turn that access on or off, according to the report.
The report reinforces how valuable user data is to Facebook, which makes billions of dollars from showing ads. It also raised more questions about whether the world’s largest social network is doing enough to inform users about the data it shares and how that data is being used. Facebook acknowledged in a blog post it gave tech firms access to user data but has denied it did so without users’ permission.
Then on Wednesday, DC Attorney General Karl Racine announced he wasover alleged privacy violations.
The company that CEOstarted in his Harvard dorm room is facing the toughest stretch of its 14-year history.
After Facebook became an unwitting aid induring the 2016 US presidential election, it didn’t look like things could get any worse for the company. But this year, its problems only grew bigger.
Facebook has had to contend with, the spread of disinformation on its platform, and allegations that it’s helped spur genocide in Myanmar.
Internally, Facebook hasn’t fared much better. The company’s leadership has faced intense scrutiny over how it responded to a series of scandals, including election meddling and data privacy concerns.
Here’s a look at the biggest scandals that’ve rocked the social media giant.
Data breaches, bugs and misuse
The scandal that kicked it all off was Cambridge Analytica. In March, a joint investigation by The New York Times, the Guardian and the Observer revealed that a UK-based consultancy with ties to Donald Trump’s presidential campaign had misused the data of tens of thousands of Facebook’s more than 2 billion users.
The trail allegedly leads back to a Cambridge professor named Aleksandr Kogan, who created an app called “thisisyourdigitallife,” a personality quiz that was billed as “a research app used by psychologists.” He legitimately gained access to information on 270,000 accounts through Facebook’s Login feature, which lets people use their Facebook account to log in to outside apps so they don’t have to create new usernames and passwords. But he broke Facebook’s rules by sharing the data with Cambridge Analytica.
The investigative report set off a firestorm over how Facebook handles people’s personal information. What made it worse: Zuckerberg and Facebook COO Sheryl Sandberg remained silent for days before commenting on the scandal. Eventually, Facebook admitted that the scope of the problem was larger than once thought. It was originally reported that the incident affected 50 million users. Turns out it was 87 million. Facebook later built a tool to let people know if their data had been accessed.
‘View as’ data breach
As if that wasn’t enough, Facebook in September disclosed a breach that affected 50 million people on the social network. The vulnerability stemmed from Facebook’s “view as” feature, which lets people see what their profiles look like to other people. Attackers exploited code associated with the feature and were able to steal “access tokens” they could use to take over people’s accounts. Though access tokens aren’t your password, they let people log in to accounts without needing it.
Two weeks later, Facebook said the data of 29 million people had been stolen, including names, email addresses and phone numbers. For 14 million of the people, hackers also nabbed birth date, hometown and workplace, along with most-recent searches or places the people had checked in to on the social network.
Later on, Facebook said it thought spammers masquerading as a digital marketing company were behind the security breach, and not hackers working for a nation-state.
On Dec. 14, Facebook disclosed its latest breach. A bug on the social network exposed 6.8 million people’s photos to outside developers. The developers could see the photos if users uploaded them to the social network, even if the users didn’t actually post them.
Facebook’s problems didn’t stop there. On Dec. 18, The New York Times reported on how much user data Facebook provided to some of its partners. Netflix, Spotify and the Royal Bank of Canada could read users’ private messages, the Times said. Microsoft could reportedly see the names of all the friends tied to a Facebook user without that user’s permission. And Amazon reportedly had the ability to view users’ names and contact information through their friends.
The list went on. Yahoo could read the real-time feeds of friends’ posts. Apple could access the calendar entries and contact numbers of people who disabled all sharing through their accounts. Even The New York Times had access to a users’ friends list as part of an article-sharing app it shut down in 2011.
The deals, which helped more than 150 companies, dated back to 2010 but were still active in 2017.
The tech firm may have violated a 2011it had with the Federal Trade Commission to protect user data. The “consent decree” barred Facebook from sharing user data with third parties without their permission. Facebook, though, argues its data partnerships were exempted from the consent decree but former FTC and officials told The Times it disagreed with that interpretation.
Leadership and culture woes
Facebook’s endless list of scandals not only appeared to be taking a toll on employee morale, but it also raised questions about the company’s culture and whether its executives should be fired.
After the Cambridge Analytica scandal, a leaked 2016 memo from Facebook executive Andrew “Boz” Bosworth suggested the company prized growth above user safety.
Even when Zuckerberg tried to explain how his company handles fake news and hate speech, his remarks sparked more criticism. In July, the tech mogul clarified that he found Holocaust denial “deeply offensive” after suggesting such content shouldn’t be pulled from the platform.
A leadership shake-up
Meanwhile, founders at companies owned by Facebook continued to head for the exit amid tensions with Zuckerberg and the parent company. That included WhatsApp co-founder and CEO Jan Koum; Instagram co-founder and CEO Kevin Systrom and Chief Technical Officer Mike Krieger; and Oculus co-founder Brendan Iribe.
But Facebook’s prior executive departures also came back to haunt the company. WhatsApp co-founder Brian Acton, who left Facebook last year, not only urged the public to #DeleteFacebook but later also.
Internally, Facebook tried to assure its employees it tolerated diverse political views, including from conservatives. Facebook pushed back against a report that it fired Oculus co-founder Palmer Luckey, who donated $10,000 to an anti-Hillary Clinton group during the 2016 presidential election, for his political views.
Response to scandals
Then in November, The New York Times published an investigation into how the company’s executives handled a series of scandals over the last three years. Executives “delayed, denied and deflected,” the report said.
Facebook also resorted to “aggressive” lobbying tactics and tapped its Washington connections to shift blame to tech rivals and ward off critics. The company hired a firm known for opposition research, Definers Public Affairs, which tried to discredit Facebook’s critics by linking them to liberal billionaire George Soros.
It turned out Sandberg asked her staff to look into Soros’ financial motivations after he called companies like Facebook and Google a “menace” during a speech at the World Economic Forum in Davos, Switzerland. Facebook’s board defended Sandberg’s actions, but by then her image had been tarnished.
And just when it seemed things couldn’t get any worse for Facebook, former employee Mark Luckie accused the company of having a “black people problem” and failing its black users.
As Facebook’s scandals piled up, lawmakers and governments were also under growing pressure to take action.
After the Cambridge Analytica scandal, Zuckerberg made his first appearance before Congress to answer questions from US lawmakers. For the most part, the tech mogul walked away unscathed after more than five hours of grilling. The line of questioning, though, illustrated that lawmakers still had a lot to learn about the industry they’re trying to regulate. Facebook’s apology tour continued in September when Sandberg testified before Congress.
Hate speech and misinformation abroad
In Myanmar, Facebook was under fire for the role it played in spreading hate speech that fueled what human rights organizations called ethnic cleansing targeting Rohingya Muslims. WhatsApp was also reportedly being used to spread misinformation in Brazil and Nigeria. Meanwhile, ahead of the US midterm elections, Facebook was trying to combat disinformation campaigns that appeared to be coming from Russia, Iran and other countries.
In Europe, lawmakers and regulators were digging into the company’s data practices. Italian regulators fined Facebook $11.4 million for misleading users about how their data is used.
And in a rare move, the UK Parliament seized internal Facebook e-mails and documents that were part of a lawsuit involving now-defunct app developer Six4Three. The documents reinforced the public’s privacy concerns about the social network, which has denied selling user data.
Critics argued that Facebook, which makes billions of dollars from advertising, not only lacked an “ethical roadmap” but also had a history of placing its profit before user privacy.
Facebook didn’t immediately respond to a request for comment.
First published Dec. 14, 5:12 p.m. PT
Update, Dec. 19 at 12:25 p.m.: Reflects Dec. 18 New York Times report and DC lawsuit.
Update, Dec. 19 at 1:52 p.m.: Includes more background about Facebook’s data sharing partnerships.
The Honeymoon Is Over: Everything you need to know about why tech is under Washington’s microscope.
Infowars and Silicon Valley: Everything you need to know about the tech industry’s free speech debate.