
Researchers Find 540 Million Facebook User Records ‘Accidentally’ Exposed On Amazon Cloud Server

Facebook Headquarters Front Sign | Image: Anita Sanikop

Researchers at cybersecurity firm UpGuard have found personal information on hundreds of millions of Facebook users, including usernames and IDs, exposed to the public on the internet.

One of the third-party-developed Facebook app datasets originated from the Mexico-based media company Cultura Colectiva, and contains more than 540 million records detailing comments, likes, reactions, account names, Facebook IDs and more, UpGuard said in a statement.

It’s the latest such data lapse involving Facebook since the Cambridge Analytica scandal in 2018 involving the U.K.-based political data firm, TechCrunch reported. In that scandal, more than 87 million Facebook user records were scraped without users’ consent. The company was accused of using the data to help build voter profiles and advance Donald Trump’s presidential campaign.



UpGuard also found a separate backup from a Facebook-integrated app, “At the Pool,” that was exposed to the public internet via an Amazon S3 bucket. This database backup contained passwords and more, and would put at risk users who have reused the same password across accounts, UpGuard reported.

The information was hiding in plain sight, inadvertently or accidentally posted publicly on Amazon’s cloud computing servers, Bloomberg reported. The records were accessible and downloadable for anyone who could find them online. 

“The discovery shows that a year after the Cambridge Analytica scandal exposed how unsecure and widely disseminated Facebook users’ information is online, companies that control that information at every step still haven’t done enough to seal up private data,” Bloomberg reported.

For years, Facebook has allowed anyone making an app on its site to use information on the people using the app, and those users’ friends. Once the data was out of Facebook’s hands, the developers could do whatever they wanted with it. The Cambridge Analytica scandal led to threats of regulation for Facebook. Facebook now offers a bug bounty: rewards for researchers who identify problems with its third-party apps.

The security of big data still leaves a lot to be desired.

“The public doesn’t realize yet that these high-level systems administrators and developers, the people that are custodians of this data, they are being either risky or lazy or cutting corners,” Chris Vickery, director of cyber risk research at UpGuard, told Bloomberg. “Not enough care is being put into the security side of big data.”