The scandals never end for Facebook. The latest one involves over 540 million Facebook user data records that had been inadvertently left exposed on an Amazon S3 bucket maintained by a Facebook-integrated third part app.
Researchers from security firm UpGuard found the exposed data and reported it to Facebook. Read UpGuard’s analysis here.
Colin Lecher filed this report about Facebook’s latest gaffe in The Verge:
The researchers said the larger of the two data sets came from a Mexican media company called Cultura Colectiva. A 146GB data set with information like Facebook user activity, account names, and IDs was found that included more than 540 million records, the researchers said. A similar data set was also found for an app called “At the Pool.” While smaller, the latter included especially personal information, including 22,000 passwords apparently used for the app, rather than directly for Facebook.
It’s not clear how long the data was publicly available, or who may have obtained it from the servers, if anyone. Both data sets were found on Amazon cloud servers, and the data was removed after Facebook was contacted, the researchers said.
“Facebook’s policies prohibit storing Facebook information in a public database,” a spokesperson for the company said in a statement. “Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people’s data.”
Facebook has faced intense criticism over how it’s shared user data with third parties. Most famously, the political data firm Cambridge Analytica harvested information on users through a seemingly innocuous quiz app. Facebook has since cut down on the number of apps with access to user data.
In this case, the data appears to have been made available by mistake, but the problem still raises questions about where user information has traveled since it was collected by Facebook apps.
