A security firm has recently discovered data of more than 540 million Facebook users was left exposed to the public for months. The firm, UpGuard found the enormous cache of data on unsecured Amazon servers used by a Mexican social media firm.
The information was derived from visitors to the Facebook pages of Cultura Colectiva and included account names, ID numbers, comments and reactions. Facebook have stated the data has now been removed from the servers.
Cultura Colectiva stated that the data it collected came from interactions with users through its numerous Facebook pages. It also added that the same information would be available to anyone that looked at those public pages.
“We are aware of the potential uses of data in current times, so we have reinforced our security measures to protect the data and privacy of our Facebook fanpages’ users” it told business news site Reuters.
Facebook also added that Amazon helped it remove the data once UpGuard indicated its availability to the public. Along with this, there was also a smaller database of more than 22,000 people which was collected by a separate firm that recorded names, passwords and emails.
UpGuard discovered the data on users were part of regular checks it carried out on Amazon S3 servers that have exposed databases. The firm’s latest survey found seven other instances that exposed the following:
- Trade secrets from web hosting company GoDaddy
- Passwords and crypto keys for internet provider Pocket Inet
- 14 million customer records from Verizon
- Crucial data on Viacom applications
- Records of 1.8 million Chicago voters
“Facebook’s policies prohibit storing Facebook information in a public database,” a spokesperson for the company stated. “Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people’s data.”
Facebook also confirmed it was continuing the investigate the incident.
This incident is the latest of the seemingly never-ending stream of data-related issues faced by the social network, including incidents of misinformation being shared, breaches of user data, as well as allegations of political manipulation.
Ilia Kolochenko, cybersecurity expert and chief executive of online security firm High-Tech Bridge, said Facebook’s real issue was the amount of data it reportedly shared with third parties. As a result, it was losing the ability to stop these data leaks.
“The reported leak is actually not that dramatic: the 540-million-record database contains mostly publicly accessible data, while the second database with passwords in plain text contains just 22,000 records – a drop in the ocean of leaked credentials in 2018,” he said.
“The real problem is that most of the data – reportedly shared by Facebook with its partners – still remains somewhere, with numerous uncontrolled backups and unauthorised copies, some of which are being sold on the market already.
“It is impossible to control this data, and users’ privacy is at huge risk. Even if they change their passwords, other data such as private messages, for example, or search history – will remain affixed somewhere and often in hands of unscrupulous third parties.”
UpGuard, the security that found the leak of the 540 million users personal data exposed, said, “Data about Facebook users has been spread far beyond the bounds of what Facebook can control today.”
Well, it seems to be incident after incident when it comes to Facebook’s data, so at this point, we’re almost expecting another “new” personal data scandal to arise any minute now…
Story by Emily Clark
Featured Photo Credit: BusinessInsider