FACEBOOK: Another 540 Million Facebook Users’ Data Has Been Exposed

Surprise! Facebook is still a privacy nightmare. The company’s history of porous data sharing continues to haunt both it and us (its fairly helpless users) on the regular. On Wednesday, researchers from the cybersecurity firm UpGuard shared that they found two massive troves of exposed Facebook user data that had been posted publicly on Amazon cloud servers. The data included users’ passwords, names, comments, and likes. The scope of this particular privacy foul from Facebook is tremendous: More than 540 million user records were sitting in plain sight, available to anyone who found them.

The two troves of data came from two different app developers: Cultura Colectiva, a Mexican company that was responsible for the vast majority of the data exposure; and “At the Pool,” an app that’s been defunct since 2014 and had improperly stored records of 22,000 users, including their passwords. Despite being contacted in January by both Amazon and UpGuard, Cultura Colectiva didn’t move to take down the data until Wednesday, when Bloomberg contacted Facebook about the findings. (The data from At the Pool came down during the course of UpGuard’s research.)

Facebook logo displayed on a tablet.
Lionel Bonaventure/AFP/Getty Images
Recently in Future Tense
Get Ready. Presidential Campaigns Are About to Start Texting You All the Time.
Future Tense Newsletter: Is the EU Breaking the Internet?
Humanity’s Quest to Invent a Death Ray Has Given Us Everything But
The EU’s New Copyright Laws Won’t “Wreck the Internet”
Surprise! Facebook is still a privacy nightmare. The company’s history of porous data sharing continues to haunt both it and us (its fairly helpless users) on the regular. On Wednesday, researchers from the cybersecurity firm UpGuard shared that they found two massive troves of exposed Facebook user data that had been posted publicly on Amazon cloud servers. The data included users’ passwords, names, comments, and likes. The scope of this particular privacy foul from Facebook is tremendous: More than 540 million user records were sitting in plain sight, available to anyone who found them.

The two troves of data came from two different app developers: Cultura Colectiva, a Mexican company that was responsible for the vast majority of the data exposure; and “At the Pool,” an app that’s been defunct since 2014 and had improperly stored records of 22,000 users, including their passwords. Despite being contacted in January by both Amazon and UpGuard, Cultura Colectiva didn’t move to take down the data until Wednesday, when Bloomberg contacted Facebook about the findings. (The data from At the Pool came down during the course of UpGuard’s research.)


This is almost par for the course these days. Facebook is currently in the midst of multiple federal investigations over the Cambridge Analytica scandal that came to a boil about a year ago when it was reported that the voter targeting firm had inappropriately accessed the data of as many as 87 million Facebook users. That led to Facebook suspending hundreds of apps from accessing the social media network, as well as a raft of new privacy rules that restrict how app developers are now allowed to access Facebook user data, but it has not stopped the drip-drip of news that the company’s years of loose habits had come with breach after breach after breach.

Not to mention that it was less than two weeks ago that Brian Krebs reported that Facebook had been storing the passwords of hundreds of millions of Facebook users in plain text accessible to more than 20,000 Facebook employees to see. And it was only last September that Facebook shared its discovery of evidence of a security breach that hit 30 million users—the largest hack in the company’s history. The numbers of people affected by Facebook’s privacy blunders are so large it’s nearly impossible to wrap your head around them: 87 million, 30 million, 540 million—the list goes on. And once user data is exposed, there’s really no way to get it back. It can then be copied and repasted somewhere else in an instant. Even if Facebook works with Amazon to take the exposed personal information down now, that doesn’t mean it hasn’t already been found and posted elsewhere. There’s no putting the toothpaste back in the tube.


Hundreds of millions of Facebook records exposed on Amazon cloud servers

New York (CNN Business)A vast collection of data on Facebook users was exposed to the public until recently on Amazon's cloud computing servers, researchers have found.

Two third-party Facebook app developers were found to have stored user data on Amazon's servers in a way that allowed it to be downloaded by the public, according to a report from UpGuard, a cybersecurity firm.
One of the companies stored 146 gigabytes of data containing more than 540 million records, including comments, likes, reactions and account names, on the Amazon servers, according to UpGuard. The number of users whose data was included is not yet clear.
Another app is said to have stored unprotected Facebook passwords for 22,000 users.
Chris Vickery, the director of cyber risk research at UpGuard, told CNN Business that the find "highlights a problem that is intrinsic with mass data collection."
Vickery said that the data appeared to have been gathered through a Facebook integration. Facebook allows third party developers to integrate apps and websites with its platform to allow for functionality like signing into a service using Facebook.
Facebook has "no way of guaranteeing the safe storage of the data of their end users if they are going to allow app developers to harvest it in mass," Vickery said.
In a statement provided to CNN Business, a Facebook spokesperson said, "Facebook's policies prohibit storing Facebook information in a public database. Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people's data."

Sources:

[link to edition.cnn.com (secure)]