Facebook had "wild west" approach to looking after its users' data and had "little detection" of any violations of its policies, a former employee of the company has told British MPs.
Speaking amid allegations election consultants Cambridge Analytica (CA) harvested the data of millions of Facebook users for the purposes of political targeting, whistleblower Sandy Parakilas claimed the company "had very few ways of discovering abuse or enforcing on abuse when it was discovered".
Mr Parakilas, who worked in policy compliance and data protection for Facebook between 2011 and 2012, was giving evidence to the UK's Digital, Culture, Media and Sport Committee's (DCMS) and said that while security to protect against hacking or other attacks was very strong, the same could not be said of user data accessed by Facebook developers.
He said that, to prevent abuse of its data, Facebook created a set of policies that forbade activity such as selling user data or passing it to advertising networks, but said he had no memory of a "single physical audit of a developer's storage" during his time there.
"[Facebook] had very good engineers working on technical security," he said.
"But this platform... would allow [developers] to get all this data on people who hadn't really explicitly authorised it," he said, explaining that they were at this time able to collect data on users' friends without the explicit permission of those friends.
"It was personally identifiable, it was your name, in some cases your email addresses, in some cases your private messages - they just basically allowed that to leave Facebook's servers intentionally and there weren't really controls once the data had left to make sure it was being used in an appropriate way."
Facebook stopped allowing developers to access users' friends' data in the this way in 2014.
He added: "I would say that in some ways this is worse than a data breach... the users had no idea that this had happened.
"Their data was compromised in the same way it would have been in a technical data breach. Facebook was aware that this had happened and didn't notify anyone, and then should have been aware that it was continuing to happen and then didn't notify anyone," he said.
Ian C Lucas, a Labour MP who sits on the DCMS committee, described the testimony as "extraordinary" and said it showed "Facebook knew that Cambridge Analytica had breached their data rules, but for over two years allowed CA to trade on that data without taking preventative action".
Facebook shares have slid by more than 7.6% since the first allegations were reported at the weekend by the Observer, and has received a backlash online - with a number of users reporting that they were deleting their accounts, including the co-founder of Whatsapp, which was bought by Facebook in 2014.
The company is also facing legal action from some of its own shareholders, who claim the company made "materially false and misleading statements regarding the company's business, operational and compliance policies".
DCMS committee chairman Damian Collins has also called on Facebook CEO Mark Zuckerberg to appear before MPs to "give an accurate account" of what he described as a "catastrophic failure of process".
The Information Commissioner has announced a probe in to CA, saying "people need to have confidence in how their personal data is being used".
CA chief executive Alexander Nix was suspended after recordings emerged of him making a series of controversial claims, including boasts that CA had a pivotal role in the election of Donald Trump.
The company has denied using Facebook data in its work on the President's election campaign.
Downing Street today confirmed that the Government employed CA parent company SCL for a contract with the Ministry of Defence, but said this had ended before the recent allegations came to light.
"We are looking across Government to see if there were any other contracts," said a spokesman. "As the Prime Minister said, we are not aware of any current contracts."
The Conservative Party said it had been approached by CA with a pitch for work during David Cameron's leadership, but said this was rejected.
"The Conservative Party has never employed Cambridge Analytica or its parent company, nor used their services," a Tory spokesman said.