Revelations of a massive data leak at Facebook have shocked users, investors, lawmakers and even some top executives in recent weeks — but the company warned of third-party breaches and government regulation more than six years ago when it first filed to go public.
In its 2012 IPO prospectus, Facebook called "improper access to or disclosure of our users' information" a risk factor that could potentially harm the company's reputation and financial outlook.
Here is the excerpt:
"Our efforts to protect the information that our users have chosen to share using Facebook may be unsuccessful due to the actions of third parties, software bugs or other technical malfunctions, employee error or malfeasance, or other factors. In addition, third parties may attempt to fraudulently induce employees or users to disclose information in order to gain access to our data or our users' data. If any of these events occur, our users' information could be accessed or disclosed improperly."
None of that excuses Facebook's data control and privacy problems that have been exposed to the world in recent weeks. But the cautionary disclosure suggests that the social media giant knew the general risks associated with its massive open platform.
CEO Mark Zuckerberg spent the past two days in front of Congress describing the "breach of trust" that took place when research firm Cambridge Analytica purchased the sensitive personal information of as many as 87 million Facebook users from app developer Aleksandr Kogan, who collected user data through a psychology quiz app.
Facebook has denounced Kogan and Cambridge Analytica, and clarified that it long ago changed the policies that allowed for such robust data collection. Zuckerberg told members of Congress on Wednesday that the company is considering legal action against Cambridge Analytica and Kogan. Cambridge Analytica has denied any wrongdoing.
Facebook's S-1 outlined the risk of exactly the sort of behavior that has landed the company in hot water.
"Some Platform developers may store information provided by our users through apps on the Facebook Platform or websites integrated with Facebook," the filing said. "If these third parties or Platform developers fail to adopt or adhere to adequate data security practices or fail to comply with our terms and policies, or in the event of a breach of their networks, our users' data may be improperly accessed or disclosed."
Facebook was also right about the consequences of such a leak.
The company said in the filing, "Any incidents involving unauthorized access to or improper use of the information of our users could damage our reputation and our brand and diminish our competitive position. In addition, the affected users or government authorities could initiate legal or regulatory."
Facebook remains dominant, with more than 2 billion global monthly active users on the core platform, 800 million active users of Instagram and 1.5 billion people on WhatsApp.
But investors are feeling the pain. Facebook has lost tens of billions of dollars in market value since reports of the Cambridge Analytica leak first surfaced. The company is also now facing greater regulatory risk from U.S. lawmakers, who've seized the opportunity to question Facebook's legal obligations and ability to properly oversee our data.