Millions of Facebook records found on Amazon cloud servers: UpGuard

The discovery marks the latest major privacy and security mishap to plague Facebook
MATT ROURKE APThe discovery marks the latest major privacy and security mishap to plague Facebook
Author

06 April, 2019

After sifting through the public internet, Upguard researchers said they found over 540 million records containing Facebook users' comments, likes, reactions, and more.

Facebook Inc said on Wednesday it had taken down the data bases containing its user data from Amazon.com Inc's cloud servers after a report from cybersecurity firm UpGuard pointed to millions of exposed records. "We are committed to working with the developers on our platform to protect people's data", the spokesperson added. This included details such as the Facebook user ID, a list of Facebook friends, likes, photos, groups, checkins, and user preferences like movies, music, books, interests, and other, along with 22,000 passwords.

The latest data breach appears to have been the result of Facebook allowing third party developers to integrate apps and websites with its platform to allow for functionality like signing into a service using Facebook.

For the last two years, the negative publicity on how Facebook partners collect, share, and secure data has skyrocketed. In recent years, information stored on several cloud services - USA military data, personal information of newspaper subscribers and cell phone users - has been inadvertently shared publicly online and discovered by security researchers. There is another database that belongs to At the Pool app, which isn't active anymore.

The issue highlights how Facebook shared this kind of information freely with third-party developers for years before cracking down.

"We're looking into the situation and assessing any extra steps we can take", came the response from Amazon security staff on February 21 - three weeks after Mr Vickery initially brought the data exposure to Amazon's attention - according to Bloomberg.

Goldman Sachs cuts the probability of a no-deal Brexit
The UK is now due to leave the European Union on 12 April but MPs haven't been able to agree on how that should happen. The UK prime minister says it is "frustrating" that Britain hasn't yet resolved the situation.


Chicago Police open internal investigation into alleged leaks in Jussie Smollett case
TMZ reports they "obtained documents that on the surface back his claim the $3,500 check he wrote to Abel was for training". Meanwhile, Chicago police said the attack was a " publicity stunt " because Smollett was upset with his " Empire " salary.


LA Clippers: Making the playoffs a bold, brilliant free agency pitch
The last time the NBA's best player was not in the post-season was in 2004-2005, his second season with the Cleveland Cavaliers . If it was easy, everyone would be doing it.


"All of the data passed from Facebook to literally millions of developers needs to be managed", said Greg Pollock, a vice president at UpGuard. Representing the larger of the two datasets discovered and managed by Mexico-based media company Cultura Colectiva, that collection contained 540 million records. They also informed Amazon Web Services about the data stored and they replied that the owner was made aware of the expose.

At The Pool did not respond to a request for comment.

Facebook said the data had now been removed from the servers.

Politicians on both sides of the Atlantic have sharply criticized the company's data privacy practices.

The researchers explained that despite Facebook's recent attempts to better restrict third-party access, these breaches show it's often out of the company's control.


More news