Half a billion Facebook records found on exposed Amazon servers housed by third-party companies
Apr. 4–More than 500 million Facebook records, including identification numbers, comments, reactions and account names, have been discovered stored by third-party companies on exposed servers maintained by Amazon.
The cybersecurity company UpGuard reported the breach to Amazon earlier this year, but nothing was done.
“It was not until the morning of April 3rd, 2019, after Facebook was contacted by Bloomberg for comment, that the database backup … was finally secured,” UpGuard said in an incident report on Wednesday. Moreover, Amazon only took down the server at Facebook’s request, a company spokesperson told ZDNet.
The Mexico City-based digital platform Cultura Colectiva, which ZDNet described as “a media platform operating across Spanish-speaking Latin American countries,” stored 540 million records on Facebook users that “detailed comments, likes, reactions, account names, Facebook IDs and more,” reported UpGuard.
This is not the first exposure of private data on public platforms, or to third parties who don’t necessarily have users’ best interests in mind.
Last year around this time, it was revealed that Facebook had been duped by researchers at a firm called Cambridge Analytica who gathered data on at least 87 million users and possibly misused it in election ads in 2016.
Facebook has gotten Cultura Colectiva to shore up the latest data exposure, but the situation highlighted the limits of the social media giant’s policies and restrictions. Once such information spreads beyond the bounds of Facebook, it is impossible to contain.
The second company, a Facebook-integrated app called At the Pool, contained just 22,000 records, and the entire operation seems to have been dismantled during the UpGuard investigation. But “both contain data about Facebook users, describing their interests, relationships, and interactions, that were available to third party developers,” UpGuard said in its report.
“Facebook’s policies prohibit storing Facebook information in a public database,” the social media giant told CNet in a statement. “Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people’s data.”
However, measures like that might not be enough, as Bloomberg noted in its initial report.
“The discovery shows that a year after the Cambridge Analytica scandal exposed how unsecure and widely disseminated Facebook users’ information is online, companies that control that information at every step still haven’t done enough to seal up private data,” Bloomberg noted.
“As Facebook faces scrutiny over its data stewardship practices, they have made efforts to reduce third party access,” UpGuard said. “But as these exposures show, the data genie cannot be put back in the bottle. Data about Facebook users has been spread far beyond the bounds of what Facebook can control today. Combine that plenitude of personal data with storage technologies that are often misconfigured for public access, and the result is a long tail of data about Facebook users that continues to leak.” ___
This article is written by Theresa Braine from New York Daily News and was legally licensed via the Tribune Content Agency through the NewsCred publisher network. Please direct all licensing questions to firstname.lastname@example.org.