These days big data rules our lives; we constantly make use of large datasets to get driving directions, shop around, find our friends, and enjoy many other modern-day conveniences. However, how often do we ask, "When we give up our data, how sure are we that it is anonymized?" or "What do third parties do with our data?" Last week, before the revelation about Facebook, Tim Berners-Lee made some strong statements about data ownership: https://au.news.yahoo.com/inventor-urges-users-seek-complete-control-data-210123158--spt.html Later this week some new information proved him right.
Later last week it was revealed that Facebook had been storing passwords in cleartext. (Link to Brian Krebs's fantastic blog: https://krebsonsecurity.com/2019/03/facebook-stored-hundreds-of-millions-of-user-passwords-in-plain-text-for-years/) Many people re-use passwords, which leaves them vulnerable; even though this is the users' responsibility, one would hope for better care of the users' data. However, there is an even bigger issue here: if passwords are easier to steal, Facebook Messenger and the other means of communication people have on Facebook's system are exposed, but it gets worse. So many web applications out there allow users to "sign on with Facebook" and "sign on with Google" that these passwords become master passwords!
Another place where single sign-on makes cloud-based applications worrisome is the many SaaS applications that are not hosted on premise. Many organizations prefer a single password for their users; however, with cloud-based applications, users are entering these passwords into these web applications, and they are eventually decrypted by the web server. It is hard to know how data or even passwords are stored on someone else's computer.