More than 540 million Facebook records have been publicly exposed on Amazon’s cloud computing servers, according to researchers at cyber security firm UpGuard.
The researchers found two separate sets of Facebook user data on the public servers. Linked to the Mexican media company Cultura Colectiva, the data set with 540m records included information such as comments, likes, reactions, account names, Facebook IDs and more.
The other set was found to be linked to a now-defunct Facebook app called At the Poll. While significantly smaller, this data set contained 22,000 plain text passwords.
The larger database was swiftly shut down after Bloomberg, which initially reported the incident, alerted Facebook to the problem – Facebook then contacted Amazon. Similarly, the smaller set was taken offline during UpGuard’s investigation.
This latest incident serves to highlight once again how vulnerable and widely disseminated Facebook users’ data is online. Similar to the Cambridge Analytica scandal, Facebook is allowing third parties to plunder massive amounts of data with no controls on how that data is used or stored.
UpGuard researchers wrote on the company’s blog: “The data exposed in each of these sets would not exist without Facebook, yet these data sets are no longer under Facebook’s control.
“In each case, the Facebook platform facilitated the collection of data about individuals and its transfer to third parties, who became responsible for its security.
“As these exposures show, the data genie cannot be put back in the bottle. Data about Facebook users has been spread far beyond the bounds of what Facebook can control today.”
Chris Vickery, director of cyber risk research at UpGuard, said: “The public doesn’t realise yet that these high-level systems administrators and developers, the people that are custodians of this data, they are being either risky or lazy or cutting corners. Not enough care is being put into the security side of big data.”
Facebook said it’s investigating the matter and wasn’t aware of how the data was collected or why it was stored on public servers. The company said it will tell users if it finds evidence that the data was misused.
A Facebook spokeswoman said: “Facebook’s policies prohibit storing Facebook information in a public database.
“Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people’s data.”
In the wake of the Cambridge Analytica scandal, Facebook began an audit of its apps and suspended hundreds until it could verify they weren’t mishandling the data. The company now offers bounties for researchers who find problems with its third-party apps.