Summary:
In August 2007, a configuration problem on a Facebook server caused PHP source code to be displayed instead of the web page that code should have generated, raising concerns about how secure the private data on the site was. In November 2007, Facebook was embroiled in another controversy when it launched Beacon, a system (discontinued in September 2009) through which third-party websites could include a Facebook script on their sites and use it to send Facebook information about the actions of Facebook users on those sites, prompting serious privacy concerns.
Allegations:
- The leak raised questions about how secure a Facebook user's private data really is. If the main source code for a site can be leaked, then the site can turn into a hacker's playground.
- Facebook's Beacon system sparked serious privacy concerns when users were able to decline tracking on a site-by-site basis, but not systemwide.
- Louise Story of 'The New York Times' accused Facebook CEO Mark Zuckerberg of misleading her on paper about Beacon being "opt-in". Coca-Cola got a similar impression from the company and backed out after learning the truth.
Defence:
- Brandee Barker from Facebook was quoted clarifying that only a small fraction of the code that displays Facebook pages was exposed. According to her, this was not a security breach and did not compromise user data in any way.
- Mark Zuckerberg justified the launch of Beacon and said that users would be allowed to choose whether to participate, and implied that the choice would be explicit, or opt-in. After an uproar, the platform ultimately let its users turn Beacon off, and Zuckerberg publicly apologised.