Another cache of unprotected Facebook user data uncovered

UpGuard says it discovered 540 million user records open to public download on Amazon cloud

Tags: Amazon Web Services (aws.amazon.com/)Cloud computingFacebook IncorporationUpGuard Inc (www.upguard.com)
  • E-Mail
Another cache of unprotected Facebook user data uncovered UpGuard reports finding over 500m Facebook user records on a publicly available Amazon cloud storage.
By  Mark Sutton Published  April 4, 2019

Another 540 million Facebook users records have been leaked publicly, according to security company UpGuard.

The UpGuard Cyber Risk team has reported finding two lots of data from third-party Facebook apps exposed to the public on Amazon cloud storage.

The main batch of records, from a Mexican media company Cultura Colectiva, comprises 146 gigabytes and contains over 540 million records including comments, likes, reactions, account names, FB IDs and more.

A second, smaller breach, related to a now defunct Facebook app contained around 22,000 user details, including passwords, in plain text.

UpGuard said that each dataset was stored on Amazon's web storage, each in its own Amazon S3 bucket, which were configured to allow public download of data.

The company warned that even though Facebook is attempting to improve data security, its lax processes in the past mean that third party developers have caches of data that are outside of the social media giant's control.

The company said on a blog post: "As Facebook faces scrutiny over its data stewardship practices, they have made efforts to reduce third party access. But as these exposures show, the data genie cannot be put back in the bottle.

"Data about Facebook users has been spread far beyond the bounds of what Facebook can control today. Combine that plenitude of personal data with storage technologies that are often misconfigured for public access, and the result is a long tail of data about Facebook users that continues to leak.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code