Facebook removes exposed user records stored on Amazon's servers

Another huge Facebook security blunder exposes data of millions

540 Mllion Facebook Records Leaked by Public Amazon S3 Buckets

'The UpGuard Cyber Risk team can now report that two more third-party developed Facebook app datasets have been found exposed to the public internet, ' the company's write-up states.

The trove in question included 540 million pieces of information, such as identification numbers, comments, reactions and account names, that had been culled from Facebook pages and stored on Amazon servers by Mexico City-based digital platform Cultura Colectiva.

When reached out by media, Facebook responded by saying, "Facebook's policies prohibit storing Facebook information in a public database".

It said no Facebook user passwords were found in the database backup of the app, which ceased operation in 2014. This shows that there have been little efforts from Facebook in ensuring foolproof security of the data that it extracts from its users. According to UpGuard, the passwords are presumably for the "At the Pool" app rather than for the user's Facebook account, but would put users at risk who have reused the same password across accounts.

"We're looking into the situation and assessing any extra steps we can take", came the response from Amazon security staff on February 21 - three weeks after Mr Vickery initially brought the data exposure to Amazon's attention - according to Bloomberg.

Millions of Facebook user records were exposed on a public data server, a cybersecurity firm said Wednesday.

British MPs back Brexit delay by one vote
The bill, put forward by Labour Party's Yvette Cooper, now needs to be approved by the House of Lords before it becomes law. Britain has until April 12 to propose a withdrawal plan to Brussels which must be accepted by 27 member states of the EU.

Organisations need to be very careful when sharing sensitive data with other third-party organisations.

Since then, Facebook has come under scrutiny for offering more of its users' data to companies than it had previously admitted.

The latest data breach appears to have been the result of Facebook allowing third party developers to integrate apps and websites with its platform to allow for functionality like signing into a service using Facebook. Within the correspondence, the company claimed that the data wasn't sensitive and meant for an "enhanced user experience".

UpGuard, in its blog post also claims that Facebook can not mitigate the extent of the damage as it has spread far beyond its controls. Facebook said there is no proof yet to demonstrate the data has been misused, however, that it was investigating.

As noted above, the "cc-datalake" storage bucket was the larger of two separate data exposures but the second could potentially be more impactful, although it was secured more quickly.

Instead, the collection of data and its storage being out of the control of the originating company - and in the hands of the platform's developers - only increases the surface area where potential breaches and leaks can occur from the platform.

Latest News