Wednesday, April 3, 2019

540 Million Facebook User Records Found On Unprotected Amazon Servers


It's been a bad week for Facebook users.

First, the social media company was caught asking some of its new

users to share passwords

for their registered email accounts and now…

...the bad week gets worse with a new privacy breach.

More than half a billion records of millions of Facebook users have been found exposed on unprotected Amazon cloud servers.

The leaked databases do not belong to the Facebook company; instead, it was collected and unsecurely stored by third-party Facebook app developers.

Researchers at the cybersecurity firm UpGuard today

revealed

that they discovered two datasets—one from a Mexican media company called

Cultura Colectiva

and another from a Facebook-integrated app called "At the pool"—both left publicly accessible on the Internet.

More than 146 GB of data collected by Cultura Colectiva contains over 540 million Facebook user records, including comments, likes, reactions, account names, Facebook user IDs, and more.

The second dataset belonging to "

At the Pool

" app contains information about users' friends, likes, groups, and checked-in locations, as well as "names, plaintext passwords and email addresses for 22,000 people."

"As Facebook faces scrutiny over its data stewardship practices, they have made efforts to reduce third-party access. But as these exposures show, the data genie cannot be put back in the bottle. Data about Facebook users have been spread far beyond the bounds of what Facebook can control today," experts at UpGuard said.

Both datasets were stored in unsecured Amazon S3 buckets, which have now been secured and taken offline after Upguard, Facebook and media contacted Amazon.

This is not the first time third-party companies have collected or misused Facebook data and sometimes

leaked it to the public

.

The most famous incident is the

Cambridge Analytica scandal

wherein the political data firm improperly gathered and misused data on

87 million users

through a seemingly innocuous quiz app, for which the social media giant is

facing £500,000 EU fine

.



from The Hacker News https://ift.tt/2OHoT2z
Posted by at

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)