540 Million Facebook User Records Found On Unprotected Amazon Servers
It's been a bad week for Facebook users.
First, the social media company was caught asking some of its new users to share passwords for their registered email accounts and now…
...the bad week gets worse with a new privacy breach.
More than half a billion records of millions of Facebook users have been found exposed on unprotected Amazon cloud servers.
The leaked databases do not belong to the Facebook company; instead, it was collected and unsecurely stored by third-party Facebook app developers.
Researchers at the cybersecurity firm UpGuard today revealed that they discovered two datasets—one from a Mexican media company called Cultura Colectiva and another from a Facebook-integrated app called "At the pool"—both left publicly accessible on the Internet.
More than 146 GB of data collected by Cultura Colectiva contains over 540 million Facebook user records, including comments, likes, reactions, account names, Facebook user IDs, and more.
The second dataset belonging to "At the Pool" app contains information about users' friends, likes, groups, and checked-in locations, as well as "names, plaintext passwords and email addresses for 22,000 people."
Both datasets were stored in unsecured Amazon S3 buckets, which have now been secured and taken offline after Upguard, Facebook and media contacted Amazon.
This is not the first time third-party companies have collected or misused Facebook data and sometimes leaked it to the public.
The most famous incident is the Cambridge Analytica scandal wherein the political data firm improperly gathered and misused data on 87 million users through a seemingly innocuous quiz app, for which the social media giant is facing £500,000 EU fine.
First, the social media company was caught asking some of its new users to share passwords for their registered email accounts and now…
...the bad week gets worse with a new privacy breach.
More than half a billion records of millions of Facebook users have been found exposed on unprotected Amazon cloud servers.
The leaked databases do not belong to the Facebook company; instead, it was collected and unsecurely stored by third-party Facebook app developers.
Researchers at the cybersecurity firm UpGuard today revealed that they discovered two datasets—one from a Mexican media company called Cultura Colectiva and another from a Facebook-integrated app called "At the pool"—both left publicly accessible on the Internet.
More than 146 GB of data collected by Cultura Colectiva contains over 540 million Facebook user records, including comments, likes, reactions, account names, Facebook user IDs, and more.
The second dataset belonging to "At the Pool" app contains information about users' friends, likes, groups, and checked-in locations, as well as "names, plaintext passwords and email addresses for 22,000 people."
"As Facebook faces scrutiny over its data stewardship practices, they have made efforts to reduce third-party access. But as these exposures show, the data genie cannot be put back in the bottle. Data about Facebook users have been spread far beyond the bounds of what Facebook can control today," experts at UpGuard said.
Both datasets were stored in unsecured Amazon S3 buckets, which have now been secured and taken offline after Upguard, Facebook and media contacted Amazon.
This is not the first time third-party companies have collected or misused Facebook data and sometimes leaked it to the public.
The most famous incident is the Cambridge Analytica scandal wherein the political data firm improperly gathered and misused data on 87 million users through a seemingly innocuous quiz app, for which the social media giant is facing £500,000 EU fine.
Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
Source: thehackernews.com
540 Million Facebook User Records Found On Unprotected Amazon Servers
Reviewed by Anonymous
on
12:17 PM
Rating: