Facebook's troubles continue to grow: What you need to know

The social network is under fire for how it collects user data.

Queenie Wong Former Senior Writer
Queenie Wong was a senior writer for CNET News, focusing on social media companies including Facebook's parent company Meta, Twitter and TikTok. Before joining CNET, she worked for The Mercury News in San Jose and the Statesman Journal in Salem, Oregon. A native of Southern California, she took her first journalism class in middle school.
Expertise I've been writing about social media since 2015 but have previously covered politics, crime and education. I also have a degree in studio art. Credentials
  • 2022 Eddie award for consumer analysis
Richard Nieva Former senior reporter
Richard Nieva was a senior reporter for CNET News, focusing on Google and Yahoo. He previously worked for PandoDaily and Fortune Magazine, and his writing has appeared in The New York Times, on CNNMoney.com and on CJR.org.
Queenie Wong
Richard Nieva
7 min read

Facebook can't seem to get through a week quietly.

This week, Germany's antitrust regulator ordered the world's largest social network to stop combining data from the Facebook accounts of its German users with information it collects about them from other sites unless they give their OK. The Federal Cartel Office's order covers not only Facebook's site, but Instagram, WhatsApp and other apps it own.

In a blog post, Facebook said it would appeal the ruling. It argues that collecting data about its users outside of Facebook helps the social network improve its services and protect user safety.

The German order is yet another reminder -- as if more were needed -- that social network is piling up trouble almost as quickly as added users. The company, which turned 15 years old in February, is trying to rebuild user trust, which has eroded in the midst of data and privacy scandals. It's also facing the wrath of lawmakers around the world because of the way its been used to spread misinformation and hate speech, as well as meddle in elections.

Facebook's problems aren't limited to users and governments. The company has also clashed with Apple, a company it needs to keep getting users on its apps.

Last week, Apple temporarily pulled Facebook's enterprise certificate, a digital signature that lets its employees use and test apps internally. The reason: Facebook had used the certificate for a market research app that was distributed to consumers, violating Apple's policies.

Here's a look at the biggest scandals that have rocked the social media giant. 

Data breaches, bugs and misuse

American online social media and social networking service

Facebook has faced a number of scandals in 2018 over data privacy and security. 

Getty Images

Cambridge Analytica
The scandal that kicked it all off was Cambridge Analytica. In March, a joint investigation by The New York Times, the Guardian and the Observer revealed that a UK-based consultancy with ties to Donald Trump's presidential campaign had misused the data of tens of thousands of Facebook's more than 2 billion users.

The trail allegedly leads back to a Cambridge professor named Aleksandr Kogan, who created an app called "thisisyourdigitallife," a personality quiz that was billed as "a research app used by psychologists." He legitimately gained access to information on 270,000 accounts through Facebook's Login feature, which lets people use their Facebook account to log in to outside apps so they don't have to create new usernames and passwords. But he broke Facebook's rules by sharing the data with Cambridge Analytica.

The investigative report set off a firestorm over how Facebook handles people's personal information. What made it worse: Zuckerberg and Facebook COO Sheryl Sandberg remained silent for days before commenting on the scandal. Eventually, Facebook admitted that the scope of the problem was larger than once thought. It was originally reported that the incident affected 50 million users. Turns out it was 87 million. Facebook later built a tool to let people know if their data had been accessed.

'View as' data breach
As if that wasn't enough, Facebook in September disclosed a breach that affected 50 million people on the social network. The vulnerability stemmed from Facebook's "view as" feature, which lets people see what their profiles look like to other people. Attackers exploited code associated with the feature and were able to steal "access tokens" they could use to take over people's accounts. Though access tokens aren't your password, they let people log in to accounts without needing it.

Two weeks later, Facebook said the data of 29 million people had been stolen, including names, email addresses and phone numbers. For 14 million of the people, hackers also nabbed birth date, hometown and workplace, along with most-recent searches or places the people had checked in to on the social network.

Later on, Facebook said it thought spammers masquerading as a digital marketing company were behind the security breach, and not hackers working for a nation-state.

Photos exposed
On Dec. 14, Facebook disclosed its latest breach. A bug on the social network exposed 6.8 million people's photos to outside developers. The developers could see the photos if users uploaded them to the social network, even if the users didn't actually post them. 

Data-sharing deals
Facebook's problems didn't stop there. On Dec. 18, the Times reported on how much user data Facebook provided to some of its partners. Netflix, Spotify and the Royal Bank of Canada could read users' private messages, the Times said. Microsoft could reportedly see the names of all the friends tied to a Facebook user without that user's permission. And Amazon reportedly had the ability to view users' names and contact information through their friends. 

The list went on. Yahoo could read the real-time feeds of friends' posts. Apple could access the calendar entries and contact numbers of people who disabled all sharing through their accounts. Even the Times had access to a users' friends list as part of an article-sharing app it shut down in 2011. 

The deals, which helped more than 150 companies, dated back to 2010 but were still active in 2017. 

The tech firm may have violated a 2011 agreement it had with the Federal Trade Commission to protect user data. The "consent decree" barred Facebook from sharing user data with third parties without their permission. Facebook, though, argues its data partnerships were exempted from the consent decree but former FTC and officials told the Times it disagreed with that interpretation.

Leadership and culture woes

Executive missteps
Facebook's endless list of scandals not only appeared to be taking a toll on employee morale, but it also raised questions about the company's culture and whether its executives should be fired.

After the Cambridge Analytica scandal, a leaked 2016 memo from Facebook executive Andrew "Boz" Bosworth suggested the company prized growth above user safety.

Even when Zuckerberg tried to explain how his company handles fake news and hate speech, his remarks sparked more criticism. In July, the tech mogul clarified that he found Holocaust denial "deeply offensive" after suggesting such content shouldn't be pulled from the platform.

WIRED25 Summit: WIRED Celebrates 25th Anniversary With Tech Icons Of The Past & Future

Instagram co-founder Kevin Systrom

Getty Images

A leadership shake-up
Meanwhile, founders at companies owned by Facebook continued to head for the exit amid tensions with Zuckerberg and the parent company. That included WhatsApp co-founder and CEO Jan Koum; Instagram co-founder and CEO Kevin Systrom and Chief Technical Officer Mike Krieger; and Oculus co-founder Brendan Iribe.

But Facebook's prior executive departures also came back to haunt the company. WhatsApp co-founder Brian Acton, who left Facebook last year, not only urged the public to #DeleteFacebook but later also told Forbes he sold his users' privacy.

Internally, Facebook tried to assure its employees it tolerated diverse political views, including from conservatives. Facebook pushed back against a report that it fired Oculus co-founder Palmer Luckey, who donated $10,000 to an anti-Hillary Clinton group during the 2016 presidential election, for his political views.

Response to scandals
Then in November, The New York Times published an investigation into how the company's executives handled a series of scandals over the last three years. Executives "delayed, denied and deflected," the report said.

Facebook also resorted to "aggressive" lobbying tactics and tapped its Washington connections to shift blame to tech rivals and ward off critics. The company hired a firm known for opposition research, Definers Public Affairs, which tried to discredit Facebook's critics by linking them to liberal billionaire George Soros.

It turned out Sandberg asked her staff to look into Soros' financial motivations after he called companies like Facebook and Google a "menace" during a speech at the World Economic Forum in Davos, Switzerland. Facebook's board defended Sandberg's actions, but by then her image had been tarnished.

Diversity concerns
And just when it seemed things couldn't get any worse for Facebook, former employee Mark Luckie accused the company of having a "black people problem" and failing its black users.

Government clashes

Washington testimony
As Facebook's scandals piled up, lawmakers and governments were also under growing pressure to take action.

Facebook CEO Mark Zuckerberg Testifies At House Hearing

Zuckerberg testifies before Congress in April. 

Chip Somodevilla/Getty Images

After the Cambridge Analytica scandal, Zuckerberg made his first appearance before Congress to answer questions from US lawmakers. For the most part, the tech mogul walked away unscathed after more than five hours of grilling. The line of questioning, though, illustrated that lawmakers still had a lot to learn about the industry they're trying to regulate. Facebook's apology tour continued in September when Sandberg testified before Congress.

Hate speech and misinformation abroad
In Myanmar, Facebook was under fire for the role it played in spreading hate speech that fueled what human rights organizations called ethnic cleansing targeting Rohingya Muslims. WhatsApp was also reportedly being used to spread misinformation in Brazil and Nigeria. Meanwhile, ahead of the US midterm elections, Facebook was trying to combat disinformation campaigns that appeared to be coming from Russia, Iran and other countries.

European scrutiny
In Europe, lawmakers and regulators were digging into the company's data practices. Italian regulators fined Facebook $11.4 million for misleading users about how their data is used.

And in a rare move, the UK Parliament seized internal Facebook e-mails and documents that were part of a lawsuit involving now-defunct app developer Six4Three. The documents reinforced the public's privacy concerns about the social network, which has denied selling user data.

Critics argued that Facebook, which makes billions of dollars from advertising, not only lacked an "ethical roadmap" but also had a history of placing its profit before user privacy. 

Facebook didn't immediately respond to a request for comment.

First published Dec. 14, 5:12 p.m. PT
Update, Dec. 19 at 12:25 p.m.: Reflects Dec. 18 New York Times report and DC lawsuit.
Update, Dec. 19 at 1:52 p.m.: Includes more background about Facebook's data sharing partnerships.
Update, Dec. 19 at 2:14 p.m.: Includes comment from Netflix. 
Update, Feb. 8 at 2:58 p.m.: Includes background about a Germany antitrust order and Apple's clash with Facebook.  

The Honeymoon Is Over: Everything you need to know about why tech is under Washington's microscope.

Infowars and Silicon Valley: Everything you need to know about the tech industry's free speech debate.