It has gotten incredibly difficult to keep track of all of Facebook's (FB 0.80%) privacy and security breaches. Back in September, Facebook disclosed that it had discovered a security bug related to its "View As" feature, which allows users to see what their Facebook profiles look like from another person's perspective. That issue affected up to 90 million users, according to the company's estimates at the time.
Facebook announced that it is bringing "View As" back today after fixing the underlying issue, which previously allowed Facebook access tokens to potentially be stolen.
Today, we're making it easier for people to manage their publicly visible information on Facebook with two updates: (1) we're bringing back the "View As Public" feature and (2) we're adding an "Edit Public Details" button directly to profiles. pic.twitter.com/zI5bVwodjp
— Facebook (@facebook) May 14, 2019
At the same time, Facebook subsidiary WhatsApp just disclosed a separate and far more serious security breach.
Out with the old bug, in with the new bug
WhatsApp today confirmed to The Financial Times that it has discovered a security exploit that could allow malicious attackers to inject spyware directly onto a user's phone, including both iOS and Android devices. The spyware was developed by Israel-based NSO Group, a privately held cyberintelligence company that works with governments around the world.
Image source: Getty Images.
The most startling aspect of the revelation is that an attacker only needed to call a victim's phone, which could install the malicious program even if the victim didn't answer. Once installed, the spyware would remove any log of the phone call and subsequently access the device's camera, microphone, and other information stored on the phone, including location data and messages.
WhatsApp has released a fix for its app that addresses the exploit and urged users to update to the latest version. It's unclear how many users may have been affected -- WhatsApp has only vaguely said that a "select number of users were targeted" -- but WhatsApp has a massive 1.5 billion monthly active user (MAU) base worldwide. The messaging service notified regulators in the European Union, which has much stronger privacy regulations in place following the implementation of GDPR last year, as well as the U.S. Department of Justice.
Facebook's reputation continues to deteriorate
The news is particularly damaging for WhatsApp since its brand has always been built on strong privacy protections and end-to-end encryption. Meanwhile, Facebook's reputation has been severely damaged by a never-ending onslaught of scandals around data protection and security over the past two to three years. CEO Mark Zuckerberg and senior management continue to vow to do better -- and continue to disclose new security flaws.
At Facebook's annual F8 developer conference, Zuck even tried to joke about the company's ongoing struggles. "I get that a lot of people aren't sure that we are serious about [improving privacy]," said His Zuckness. "I know that we don't exactly have the strongest reputation for privacy right now, to put it lightly."
Nobody in the audience laughed.
