TECH NEWS – Security researchers at Upguard have found hundreds of millions of Facebook user records which were just sitting inadvertently on a public storage server.
In what has become a depressingly common refrain for the social network behemoth, Facebook user data has once again been left exposed to the public. According to researchers at security firm UpGuard, the first of the two data sets originate from Mexico-based media publisher Cultura Colectiva, weighing in at over 146 gigabytes and featuring over 540 million records, including Facebook IDs, comments, likes, and reactions.
The second data set, sourced from a Facebook app called “At the Pool”, was just a fraction of the size as the Cultura set, but contained more critical information, including plaintext Facebook passwords for over 22,000 users. Scariest of all, both data sets were stored in Amazon cloud storage buckets that allowed public downloads.
As UpGuard points out, despite the fact that Facebook has promised a renewed sense of urgency regarding its user’s data, especially following the catastrophic Cambridge Analytica leak last year, there is only so much that the company can control at this point. While it may be able to prevent or limit new leaks like this from happening in the future, the “At the Pool” app shut down in 2014, and yet the data was floating around online for years.
According to UpGuard, neither company responded to requests to have the data removed. Facebook contacted Amazon to pull the data offline, a Facebook spokesperson told TechCrunch.
“Facebook’s policies prohibit storing Facebook information in a public database,” said the Facebook spokesperson. Facebook said there is no evidence yet to show the data has been misused but that it was investigating.
In fact, it’s the latest data leak which involved the social media giant since the Cambridge Analytica scandal in 2018, where more than 87 million Facebook user records leaked without consent by the U.K.-based political data firm. Cambridge Analytica was accused of using the data to help build profiles on voters in an effort to help the presidential campaigns for Ted Cruz and later Donald Trump.
In the wake of the scandal, the social media giant rolled out a bug bounty program to cover third-party apps and services that leaked or exposed Facebook user data.
UpGuard found a batch of scraped Facebook profiles involving 48 million records in 2018 from LocalBlox, a data firm that scrapes data from social media profiles.
Chris Vickery, director of cyber risk research at UpGuard, told TechCrunch: “These finds continue to highlight the problems which plague companies that depend on mass data collection.”
“Storing personal information collected from end users is a liability,” said Vickery. “The more you have, the greater that liability becomes.”