How GCHQ exploited Facebook security weaknesses

UK spies used Akamai content delivery network to extract user data.

By Ben Sullivan

Documents from ex-NSA contractor Edward Snowden have revealed that the UK’s GCHQ obtained private user data from Facebook by exploiting a security gap.

Slides purporting to be from a GCHQ PowerPoint presentation titled "Exploiting Facebook traffic in the passive environment to obtain specific information" tell how social networks such as Facebook are "a very rich source of information on targets" for the government agency.

According to the documents, GCHQ goes on to note that many profiles aren’t public, "but passive [exploitation] offers the opportunity to collect this information by exploiting inherent weaknesses in Facebook’s security model."

"Targets [are] increasing usage of Facebook, BEBO, Myspace etc," say the slides.

They also point out that social networks are "a very rich source of information on targets," including personal details, pattern of life, connections to associates, and media.

Facebook delivered users’ photos via the content delivery network Akamai, which was the opening GCHQ used to obtain user IDs and photos.

"It is possible to dissect the CDN (Content Delivery Network) URLs generated by Facebook in order to extract the Facebook user ID of the user whose picture the file pertains to," reads one of the slides.

At the time of publishing, CBR has not yet received a comment from Facebook.


The slides feature in Glenn Greenwald’s new book No Place To Hide.


Update – Facebook got in touch with CBR and a spokesperson said:

"We don’t have any evidence of these allegations. The slides are dated several years ago, during which time our security technology improved in many important ways. We continue to believe that governments should be more transparent about the requests they make of companies like Facebook, and that they should use established legal channels."


