Over 540 million facebook user records exposed on public server
Nickie Louise
Posted On April 3, 2019
Are you a Facebook user? If yes, this may be the time to delete your Facebook account before your personal data is compromised. In latest illustration that Facebook cannot be trusted with users’ data, security researchers have discovered 540 millions of unprotected Facebook user records on Amazon’s cloud computing servers. According to the security researchers at UpGuard Cyber, it wasn’t until the morning of April 3rd, 2019, after Facebook was contacted by Bloomberg for comment, that Facebook finally secure the data.
The trove of data had been uploaded to Amazon’s cloud servers by two different Facebook app developers. Just about a year ago, Facebook was accused of sharing its users’ data with Cambridge Analytica. The social giant later confirmed that up to 87 million of its users had their data improperly accessed.
According to the details provided by the UpGuard Cyber Risk team, two more third-party developed Facebook app datasets were found exposed to the public internet. One, originating from the Mexico-based media company Cultura Colectiva, weighs in at 146 gigabytes and contains over 540 million records detailing comments, likes, reactions, account names, FB IDs and more. This same type of collection, in similarly concentrated form, has been cause for concern in the recent past, given the potential uses of such data.”
According to the company, “a separate backup from a Facebook-integrated app titled “At the Pool” was also found exposed to the public internet via an Amazon S3 bucket. This database backup contained columns for fk_user_id, fb_user, fb_friends, fb_likes, fb_music, fb_movies, fb_books, fb_photos, fb_events, fb_groups, fb+checkins, fb_interests, password, and more. The passwords are presumably for the “At the Pool” app rather than for the user’s Facebook account, but would put users at risk who have reused the same password across accounts.”
Redacted example of Facebook data from the exposed At the Pool dataset.
Each of the data sets was stored in its own Amazon S3 bucket configured to allow public download of files. Below is a redacted example of Facebook data from the exposed Cultura Colectiva dataset.
Redacted example of Facebook data from the exposed Cultura Colectiva dataset.
