A Timeline of Facebook Controversies, Scandals, Privacy Concerns, and Data Breaches

Facebook is inarguably one of the biggest social networking websites in the world. There are more than 2.41 billion people on this platform, interacting with others and sharing photos, opinions, funny videos, and a lot more. Facebook’s net worth is somewhere around $140 billion, and it seems to only grow in the future. Facebook also owns Instagram and WhatsApp, with more than a billion users on both platforms.

The numbers associated with the company are mammoth, and even a fraction of change usually affects a lot of users and businesses. People share all kinds of information about them on Facebook. Some of that information can be extremely sensitive and personal. The onus comes on Facebook that it respects user privacy and doesn’t let the information reach anywhere the user doesn’t want to.

But there have been several instances pointing toward Facebook failing to do so. Data breaches, opaque privacy policies, and misuse of user information are some of the things for which Facebook got in the headlines.

Facebook is so big that it can easily be used to sway opinions across a nation, bring governments down, affect elections, and so much more. Authorities across the world have acknowledged the issue and are making continuous efforts to shackle down the powers of this social media giant.

In this article, we will bring you across some of the major events when Facebook was in the news, mostly for wrong reasons. Our objective isn’t to portray Facebook in bad light but to create awareness. One can’t trust an organization simply because it’s huge and has got a lot of people associated with it. Even the ones with all the resources at their disposal make blunders and it is the user who ends up paying for their mistakes.

1. 2003- Facemash was Zuckerberg’s first controversy: In this article, you will go through several incidents that involve Zuckerberg and privacy violations. But we also think that this incident, entirely unrelated to Facebook, is worth a mention.

Mark Zuckerberg, the founder of Facebook, created a site called Facemash while he was a student at Harvard. The site would randomly show pictures of any two current Harvard students, and the visitors were supposed to select the one they found more attractive.

Zuckerberg hacked into Harvard servers to get hold of those and pictures, and therefore, one can call it Zuckerberg violating online privacy of people for the first time. The site took no time to get popular, and it wasn’t long before the authorities came to know about it. They made him take down the website, and Zuckerberg apologized for his actions.

(Source: Mirror)

2. August 2007- They accidentally leaked the source code: Back in 2007, Facebook wasn’t even close to the robustness of present Facebook. Everything is way more refined now, especially when it comes to managing the code. Back then, they ended up displaying the source code because of a misconfigured server.

Someone copied and published the code on a blog created specifically for the purpose named Facebook Secrets. Facebook later agreed to have such an issue and declared it wasn’t a security breach but a misconfigured server that caused the problem. They also maintained that the code didn’t give away any information that can compromise the platform.

(Source: Tech Crunch)

3. September 2007- Facebook allowed to search for profiles on the platform using search engines: The social media platform once again came under the radar of privacy advocates when they made the profiles available for public search. It would allow even those to find out Facebook profiles who are not on the platform.

Even though one would need to login to Facebook to get additional information or interact with the person, a lot of users deemed it a serious privacy breach.

(Source: BBC News)

4. June 2008- Canadian Internet Policy and Public Interest Clinic (CIPPIC) filed a complaint against Facebook for breaking Canadian laws: CIPPIC stated that Facebook doesn’t properly inform its users about how it shares user’s personal information with third parties. The body also pointed out that most of the privacy settings were set to public by default for any new account. It leads to most of the users leaking out their personal information without having any knowledge of it.

The privacy commissioner later confirmed that a lot of the filed complaints were legitimate, and recommended changes. Facebook accepted some of the changes proposed by the commissioner, but not all of them.

(Source: itbusiness.ca)

5. February 2009- Facebook takes away the right of users to delete personal information from the platform: There were a lot of privacy concerns from users worldwide when Facebook updated its ‘terms of service’ and acquired complete control over anything that users post on the platform. Before the new provisions, users had the option to remove all their personal information from the site whenever they wanted. The modified terms allowed Facebook to use the information any way it wants, even if the user has deleted the account.

Facebook stated that it needed such control to function properly, and a lot of other services such as email enjoy a similar control over user data. People upload personal information in various ways on the platform, and someone else acquiring completer control over that information can be frightening for individuals.

(Source: The Telegraph)

6. September 2009- Facebook was forced to shut down beacon since it invaded privacy according to users: Beacon was an advertising system implemented by Facebook to post the details of user’s purchase on their social news feed.

Even though there was an option to opt-out of the feature, users found it difficult to access it. A lot of them considered it a privacy breach since they didn’t want the information about their purchases to go public. A group of users even filed a lawsuit against the company.

(Source: The Telegraph)

7. February 2011- Facebook’s instant personalization feature allowed affiliate websites to gain access to user information: This feature of Facebook allowed other sites to gain access to any information that users marked public. It included the brands you have liked on the platform and some other information about your preferences.

The feature was turned on by default when introduced on the platform. A lot of the then 500 million users had no clue of Facebook sharing their personal information with other businesses. The annoying fact about this feature was that you may still leak out some personal information to corporate if your friends haven’t turned off the feature.

(Source: ZD Net)

8. November 2011- FTC reaches a settlement with Facebook with regards to how it protects user privacy: Amid various instances of Facebook not acting responsibly when it came to user’s privacy, FTC reached a settlement with the social networking company to ensure it does not further violate privacy of users. The settlement contained various claims to keep a check on how the company modifies privacy settings and statements.

There were reported to be several incidents when Facebook was not so much transparent about data usage. It had to face a lot of heat for changing privacy policies without informing users or notifying them. The company would change its policy such that items that the user has marked private would no longer be private, and the user wouldn’t even know about it. Facebook app was also reported to gather a lot more data from user’s phone than it was required to function.

Facebook was now required to get consent before introducing any changes in the privacy statement, and they were asked to undergo an independent privacy audit every 2 years for the next 20 years. Mark Zuckerberg admitted that the company had made a “small number of high-profile mistakes.”

(Source: The Guardian)

9. June 2013- When Facebook was linked with PRISM, the mass surveillance program: Those were crazy days when Edward Snowden told the world about how US government agencies invade privacy of their citizens. It included the mention of PRISM, a program that would allow the officials to create a profile of anyone they want using all of their online information and communication records.

Facebook was among the other larger companies accused of allowing the government to access the user’s private information. However, just like all those other companies, Facebook also denied having any knowledge of PRISM or providing any back door access to government agencies.

(Source: The Verge)

10. February 2015- Facebook found violating European law yet again: The Belgian privacy commission did not seem much satisfied with the freshly modified privacy policy of Facebook. They mentioned the new policy as mere extension of the previous one and that it was still violating the European consumer protection law.

The report mentioned that users get inadequate control over user-generated content used for commercial purposes and that it was extremely difficult to navigate through the privacy settings on the platform. They mentioned how the only way to stop Facebook app from collecting information about your smartphone is to turn off the GPS entirely. It can easily be a hurdle for someone who wants to use GPS facilities but does not want Facebook to know about their location. However, the company stated that they are complying with all the Belgian data protection laws.

(Source: The Guardian)

11. December 2015- Cambridge Analytica and its use of Facebook data got in the public eye for the first time: The Guardian published an article stating that it came across some document which shows that psychological data harvested from Facebook, without the permission of users, is being used in Ted Cruz’s presidential campaign.

The report also mentions the involvement of Robert Mercer, a well-known Wall Street billionaire, and a Republican donor. They pointed out that he is the one who funded the existence of Cambridge Analytica, which is now assisting Ted Cruz’s presidential campaign with the use of psychological data gathered from Facebook without letting the users know.

(Source: The Guardian)

12. February 2016- Facebook tried to take control over the internet in India and failed miserably: Facebook faced nationwide opposition on its proposal of providing free internet to the people of India. What was earlier called ‘Internet Zero’ and later labeled ‘Free Basics,’ was nothing but Facebook’s attempt to take over internet in India.

The company proposed to provide free internet services to people. It would do so by making deals with local telecommunication services and providing users with access to some of the basic and popular websites and applications. However, this would have thrown the small players out of the market, and all the websites and services encompassed within the plan would have had no competition left.

However, India saw a widespread campaign for net neutrality across the nation. Millions of petitions were sent to the regulatory authority, and people were as outspoken as they can be about net neutrality. They also discussed how Free Basics was nothing but a trap to a smaller internet.

After a long and grueling 11-months battle, the citizens finally got what they were demanding. Facebook wasn’t allowed to provide internet services in the nation, and the verdict went in favor of net neutrality.

(Source: The Guardian)

13. May 2016- Facebook’s trending news section gets under the radar of the US authorities: Reports from several media houses suggesting that Facebook might have been handpicking items for its trending news section make the Senate launch an inquiry into the issue. Gizmodo published a news article that had a former news curator at Facebook telling how news favoring conservatives were suppressed. The article had also interview excerpts of other former curators with some denying and some accepting the bias.

A few days later, The Guardian published a document that pointed out the heavy involvement of human curators when it comes to managing section. Since Facebook had such a large userbase, a customized trending news section can have some serious impacts how political views mold in the country. Following the two stories, the senate decided to launch an inquiry into the matter.

In response to the allegations, Facebook launched the set of guidelines it uses to manage its trending news section and insisted that they have a robust mechanism to ensure all the viewpoints get their fair share of exposure.

(Source: Digg, Gizmodo, The Guardian)

14. May 2017- Facebook kept on failing in its attempts to battle fake news: Fake news has been a major area of concern for Facebook for long. It was a hot topic during US presidential elections and was subsequently a major issue in a lot of other countries. Facebook seemed concerned over the matter but failed to tackle the menace. The spread of misinformation affected countries such as Germany too. A lot of hate sentiments were stirred up in the country with the help of fake news. Barak Obama also raised concerns regarding fake news before the end of his term as the US President.

Facebook put in place a fact-checking system that was supposed to inform users about the not-so credible news stories and keep them from going viral. However, things were going only south for the social media behemoth as either the system was too late to report the news or ended up catalyzing the spread of rumor.

(Source: The Guardian)

15. September 2017- Facebook unearths a possible Russian involvement in the US elections: Facebook handed over evidence related to 3,000 ads on the platform, which seemed to have connections with Russia and presidential elections in the US. Facebook said the ads were not very specific about any political figures but involved topics such as immigration, race, and equal rights. They reported total spending of $100,000 on the ads over two years.

(Source: BBC)

16. September 2017- Huge differences between Facebook Ad Manager’s claims and consensus data: Facebook got into news again when a research analyst pointed out huge differences between what Facebook claims and what consensus data of US says. Facebook’s Ad Manager claimed to be able to reach out to almost 41 million people in the US aged between 18-24. On the contrary, the census data from the time reports having only 31 million people in the country aged in that group.

A similar issue was observed when it came to the demographic aged between 25 to 34-year-olds. While Facebook’s Ad Manager claimed that it could reach out to 60 million such people, the census said there were only 45 million such people in the nation.

There were multiple possibilities for such a difference. It could’ve been a bug, people creating multiple accounts, use of VPNs, etc. But the news sowed some questions in the minds of marketers who rely on Facebook for advertisements.

(Source: The Wall Street Journal)

17. September 2017- Spanish authorities fined Facebook €1.2 million for opaque privacy statements and unfair data collection methods: The fine came after the authorities found out a lot of irregularities in the way Facebook collects data from users.

They stated that the social media giant collects user data on subjects such as sex, belief, ideology, and many other things either directly or indirectly through third-party apps. The user often has no clue about the data collection and is tricked into giving consent for it. The company doesn’t make it clear why it is collecting such information and what will it do with it.

Data collection continues even when the user is not logged into the Facebook account via webpages that have the Facebook like button. They also mentioned that even the users without any Facebook account are not safe from such data mining.

They also noticed issues when it comes to deleting stored information from their server. The company would have the data for 17 months with the use of cookies.

The official reply from Facebook stated that they followed the European regulations and would challenge the fine. Even though the fined amount was a mere straw to Facebook’s haystack of money, it was the damage to its reputation which was a much bigger concern.

(Source: Tech Crunch)

18. March 2018- Whistleblower Christopher Wylie told the world that Cambridge Analytica used illegally acquired Facebook data to aid Trump’s campaign: Future didn’t look so bright for Facebook at this point. Big media houses covered news stories that mentioned the use of data from around 50 million Facebook profiles by Cambridge Analytica. The number was later revised to 87 million.

Wylie, who was once an employee in Cambridge Analytica, mentioned how the data was falsely acquired and then misused to reap political benefits. He mentioned how the information gained from a user’s profile could be used to manipulate them politically with the use of specific advertisements.
(Source: The Guardian)

19. March 2018- FTC launches an inquiry against Facebook to monitor its involvement in the Cambridge Analytica case: Things start getting messy for Facebook around this time when Federal Trade Commission decides to find out if the company violated any clause of the privacy protection settlement it made with authorities in 2011. Company share prices recorded a significant drop after this news.

(Source: The Washington Post)

20. April 2018- Facebook enters yet another privacy controversy over the use of face-scanning technology: One ruling in Illinois posed some questions over the storage and use of biometric data of users without their consent. Facebook uses DeepFace technology to scan different photos of the user and subsequently provide better suggestions when it comes to tagging people in photos posted on the platform. The law prohibits organizations from storing biometric information of users without their approval. However, Facebook said that there was nothing of essence in the allegations and asked for individual examples to show any damage done to individuals with the use of technology. The mere discussion of another possible privacy breach seemed enough to affect their brand value this time.

(Source: Investopedia)

21. April 2018- Zuckerberg had to testify in front of Congress: Following what all unfolded in the Cambridge Analytica scandal, Zuckerberg was asked to be present in two congressional hearings in the month. The senators asked some serious and difficult questions from the young billionaire. Zuckerberg faced Senate Judiciary and Commerce Committees on one day and House Energy and Commerce Committee on the other.

(Source: CNBC)

22. May 2018- Facebook fined $122 million for matching user accounts of Facebook and WhatsApp: When Facebook acquired WhatsApp in 2014, they rejected any speculations of matching user data on the two platforms. The statement was made to the European Commission in the merger review process of 2014. The commission points out that the possibilities of such a thing happening existed at that time, and the company officials were well aware of it.

As a result, the company was fined for providing incorrect information at the time of the merger review process. Facebook’s reply that it was an error from their part didn’t seem to impress anyone at the time. Facebook was also forced to stop the data flow between the two platforms in the region.

(Source: Tech Crunch)

23. July 2018- Facebook fined £500,000 for the Cambridge Analytica saga: The company was fined on the grounds of failure to keep user’s data safe and for not being able to tell users how their data is used. The fined amount can’t bother Facebook much, but it is expected to have some serious impact on their reputation and public perception.

If the breach were to take place after the introduction of GDPR, then the amount could’ve been somewhere around £1.4 billion. Guess the verdict was somewhat of a bittersweet thing for the social media giant.

(Source: The Guardian)

24. September 2018- 50 million Facebook accounts got exposed in a data breach: If someone thought that things couldn’t get worse than this for Facebook, then they were wrong. The social networking website witnesses the biggest ever data breach since it came into existence. The hackers exploited Facebook’s code to gain access such a big number of user accounts.

(Source: The New York Times)

25. March 2019- Facebook faces a lot of criticism for not being able to ban the Christchurch shooting video promptly: The horrific events that unfolded in New Zealand involving the death of 51 people posed a lot of questions an all the big social networking platforms. More and more antisocial elements are using these platforms to spread hate and promote unlawful activities. The Christchurch shooting was live-streamed on Facebook for 17 minutes before the moderators were able to take it down.

Even after the original video got banned, there were multiple versions of the original video circulating on the platform for a long duration. The inability of Facebook to have a strict moderating and monitoring system in place to prevent such incidents made it face criticism from authorities and public alike.

Facebook came up with stricter provisions for live streaming almost two months later. The new rules involved suspending users from accessing the service and having a one-strike policy. However, the measures were still considered insufficient by a lot of people. Some of them even maintained that there is no way of keeping the dark aspects of human nature away from the platform.

(Source: Bloomberg, The New York Times)

26. March 2019Facebook admits storing millions of passwords in plain text: The company seems to be finding it difficult to stay away from controversies. They mentioned in a blog post that a bug caused hundreds of millions of passwords to be stored in plain text form for years. Even though officials came to notice the bug in January, they brought it to the public’s attention only two months later.

The bug dates back to 2012. The blog also says that there were no findings to indicate any improper access, but there was no mention of how they reached such a conclusion. Facebook said that they would notify the affected users of Facebook, Facebook Lite, and Instagram about the incident.

(Source: Facebook Newsroom)

27. April 2019- Yet another incident showcase how vulnerable user data is with Facebook and third-party applications: More than 540 million records of Facebook users were found unsafe and out in the open on the internet. These data records from two Facebook apps which put them on unsecured servers.

The two apps named ‘Cultura Colectiva’ and ‘At the Pool’ had data collected data from Facebook users. Cultura Colectiva had a bigger share in this unsafe data pool. The information they had included comments, like, Facebook ids, etc. While some users might not consider it as sensitive information, it can still cause pretty significant damage, especially when the set is so huge.

At the Pool seemed to have a lot more sensitive information compared to the other application. It contained information related to friends, interests, photos, email ids, etc. Even passwords were stored in plain text. While the passwords could’ve been for the app and not Facebook, there are still a lot of people out who use the same password across all their accounts.

The most noticeable part about this whole case is that it took months before the whole situation was taken care of, once the issue was reported.

(Source: UpGuard)

28. April 2019- Facebook acquired email accounts of 1.5 million users without letting them know: This is now the point of time when people are no more surprised to hear about privacy breaches from Facebook. This incident involved the company asking for email passwords when a new user signs up. And once the user enters the email passwords, the application would import contacts saved in the email account without asking for the user’s permission.

Facebook mentioned that this unintentional process happened as they eliminated the email password verification when someone signs up on the platform. It is only one of the many privacy blunders that Facebook made in 2019.

(Source: Forbes)

29. May 2019- Turkish authority slaps a fine of $270,000 on Facebook for privacy breaches: In September 2018, Facebook had an API bug that allowed third-party applications to access user photos over 12 days. It affected around 300,000 citizens across the middle eastern nation.

The country’s personal data protection authority found Facebook guilty of failing to react promptly to fix the issue, and not reaching out to the Turkish authorities to inform about the bug as soon as the found out about it.

(Source: RT)


  1. Mirror
  2. Tech Crunch
  3. BBC News
  4. itbusiness.ca
  5. The Telegraph
  6. The Telegraph
  7. ZD Net
  8. The Guardian
  9. The Verge
  10. The Guardian
  11. The Guardian
  12. The Guardian
  13. Digg, Gizmodo, The Guardian
  14. The Guardian
  15. BBC
  16. The Wall Street Journal
  17. Tech Crunch
  18. The Guardian
  19. The Washington Post
  20. Investopedia
  21. CNBC
  22. Tech Crunch
  23. The Guardian
  24. The New York Times
  25. Bloomberg, The New York Times
  26. Facebook Newsroom
  27. UpGuard
  28. Forbes
  29. RT