Facebook is the world’s most popular social network, boasting 2.27 billion active users every month. That’s 2.27 billion people who trust all kinds of personal information to Facebook for safe-keeping.

Unfortunately, Facebook doesn’t have a great track record of protecting it’s users. This timeline shows some of the biggest privacy breaches since 2005.

December 2005

To help demonstrate threats to privacy caused by “over sharing” on social networks, a team of researchers publish a script that allows them to download user data from Facebook. The team manage to acquire personal data from 70,000 profiles, arguing that businesses are carrying out similar activities, stealing data without the permission of the affected users.

December 2007

Facebook releases a new product called “Beacon”, designed to help advertisers better understand their audience by tracking their movements on other websites. Beacon extends the user’s Facebook profile based on this behaviour, recording videos hired from Blockbuster Video for instance. This feature breaks the American Video Privacy Protection Act, and Facebook is forced to settle a $9.5 million class action lawsuit brought by affected users.

December 2009

Facebook publicly publish information marked private on users’ pages. A Federal Trade Commission investigation forces Facebook to apologise, and to promise improved management and protection of personal data.

June 2013

Facebook announces discovery of a bug that allows users to download contact information belonging to friends of friends – without asking permission. Official estimates suggest that as many as 6 million people have their personal information taken in this way.

February 2014

A new data-driven start-up called Cambridge Analytica asks volunteers to install a new Facebook app called thisisyourdigitallife. The app then downloads information from the user’s profile, including lists of friends, likes and some private messages.The app breaks Facebook’s terms of service, but remains in place until December 2015. By then 87 million profiles have been harvested by Cambridge Analytica, ready for use in targeting fake news stories and other marketing-related activities.

Facebook has already been fined £500,000 by the UK’s Information Commissioner for its part in the Cambridge Analytica scandal. The issue remains under investigation in the US and elsewhere.

April 2018

Facebook is forced to announce that ‘malicious actors’ have used the built-in search function to harvest the public profile data of almost their entire user base. Almost all 2 billion users have had their data collected by third parties without their permission.

June 2018

Journalists uncover “secret” agreements between Facebook and several smartphone manufacturers. In return for improving the Facebook experience on their devices, Samsung, Microsoft, Apple, Huawei, Lenovo and others have been given access to personal data belonging to the phone’s owner and their friends. Even if those friends have chosen not to share their data with third parties.

July 2018

A new bug overrides users’ block lists. For 8 days, blocked users are able to see personal information against the wishes of account holders.

August 2018

The popular data-saving app Onavo) is removed from the App Store after complaints that web activity is being collected by Facebook (Onavo’s owner), violating Apple’s privacy rules.

September 2018

A new bug in the “view as” feature allows hackers to forge authentication tokens and take control of up to 50 million user accounts.

Be careful who you trust with your data

Over the past 13 years Facebook has become a victim of its own success. With access to the personal data belonging to more than 2 billion people, the social network is a natural target for hackers and cyber criminals – but a relaxed attitude to security and privacy has only made it easier for malicious activity to thrive.

All Facebook users should regularly check their privacy and security settings to ensure they are using the tools provided to protect themselves. In the long term however, questions need to be asked whether the benefits of Facebook outweigh the obvious risks to their online safety.