Another Day, Another Story About Exposed Facebook User Data

Apr 06, 2019, 00:46
Another Day, Another Story About Exposed Facebook User Data

Facebook is grappling with another startling data leak with 540 million records found in plain sight on a public Amazon server.

Security researchers from the UpGuard Cyber Risk team have reported today that they've found two datasets with more than 540 million Facebook user records on the Amazon cloud servers.

Facebook used to allow developers access data about information of people using the app and their friends but they stopped this recently.

Though the firm speculates the passwords are not of Facebook, but "At the pool" account of users, people who tend to use the same passwords across their multiple social media accounts may have been exposed.

Facebook is right to be a little sensitive after a number of privacy-related scandals. She added that Facebook's policies now prohibit storing user information in a public database. That database was closed on Wednesday after Bloomberg alerted Facebook to the problem and Facebook contacted Amazon.

UpGuard said it sent two notification emails to Cultura Colectiva on January 10 and January 14 and never received a response.

More news: Kim Kardashian Reveals Name She Has Picked out for Baby No. 4

Last month for example it admitted that "hundreds of millions" of passwords were stored on its internal server in plaintext, unprotected by any form of encryption whatsoever.

The find was made by UpGuard, which reportedly found more than 146GB of information regarding Facebook users.

This is just another in a string of events in which third parties have exposed Facebook's data, something the social media giant is trying to address for some time now.

The issue highlights how Facebook shared this kind of information freely with third-party developers for years before cracking down.

But some in the security industry warn of lack standards around storing sensitive data.

'The data exposed in each of these sets would not exist without Facebook, yet these data sets are no longer under Facebook's control.

More news: 'Ronaldo Alarm' for Juventus ahead of Champions League quarter-finals

Facebook at least when it became aware of the issue, reacted quickly to the discovery and worked with Amazon to get those public databases removed.

Alex Capecelatro, who was chief executive of At the Pool before it shut down around 2014, did not respond to requests to comment.

On the other hand, the At the Pool leak was taken offline while UpGuard were investigating the origin and before they could send an official email.

Politicians on both sides of the Atlantic have sharply criticized the company's data privacy practices.

Even though that once-public data is now properly secured, this isn't a good look for Facebook. It remains to be seen whether or not each company abused the data they scalped, but the way in which it was stored is already in breach of Facebook's current policies.

More news: Apple May Reveal a Streaming-Video Service at March 2019 Event