X

Facebook ignored data breach risks, says ex-employee

The social network failed to monitor user data culled by third parties, a former Facebook manager tells the Guardian.

Katie Collins Senior European Correspondent
Katie a UK-based news reporter and features writer. Officially, she is CNET's European correspondent, covering tech policy and Big Tech in the EU and UK. Unofficially, she serves as CNET's Taylor Swift correspondent. You can also find her writing about tech for good, ethics and human rights, the climate crisis, robots, travel and digital culture. She was once described a "living synth" by London's Evening Standard for having a microchip injected into her hand.
See full bio
Katie Collins
2 min read
Social Media on Portable Devices

Facebook didn't listen to his warnings, says ex-employee Sandy Parakilas.

 NurPhoto/Getty

The data of hundreds of millions of Facebook users could've been harvested by private companies under the social network's previous rules, an ex-employee said Tuesday.

Sandy Parakilas, who was Facebook's platform operations manager between 2011 and 2012, told the Guardian that he warned senior executives at the social network there was risk of a major data breach, but was ignored.

Parakilas, who now works at ride-hailing service Uber, was in charge at Facebook of policing data breaches by third-party developers who could access user data by building apps for the platform. The company did not implement audits or enforce other mechanisms to ensure user data extracted from the social network was not misused, he said.

"My concerns were that all of the data that left Facebook servers to developers could not be monitored by Facebook, so we had no idea what developers were doing with the data," Parakilas told the British newspaper.

Parakilas came forward after revelations over the weekend that data consulting firm Cambridge Analytica exploited personal data on Facebook culled by university researchers.

The data was collected legitimately in accordance with Facebook's terms by University of Cambridge researcher Aleksandr Kogan. But Kogan then shared the data through his private enterprise General Science Research (GSR) with Cambridge Analytica, a company best known for assisting in Donald Trump's 2016 presidential election campaign.

Cambridge Analytica denied using in Trump's campaign any Facebook data provided by GSR. "CA received data from a contractor, which we deleted after Facebook told us the contractor had breached their terms of service," Cambridge Analytica tweeted Tuesday.

Facebook was already aware that GSR had shared the data with Cambridge Analytica before the Guardian and New York Times published their reports Saturday. The company asked Cambridge Analytica to delete the data but did not follow up to see whether it had done so, according to former Cambridge Analytica employee and co-founder Chris Wylie.

"It has been painful watching," Parakilas told the Guardian. "Because I know that they could have prevented it."

Parakilas will provide evidence to UK Parliament's inquiry into fake news via video link Wednesday. The digital, culture, media and sport committee responsible for the inquiry also called on Facebook CEO Mark Zuckerberg to give evidence, but he has not yet responded.

Facebook didn't respond to CNET's request for comment.

iHate: CNET looks at how intolerance is taking over the internet.

Tech Enabled: CNET chronicles tech's role in providing new kinds of accessibility.