Researchers find 540 million Facebook user records on exposed servers

Adjust Comment Print

One, originating from Mexican media company Cultura Colectiva, contains more than 540 million records detailing comments, reactions, account names, IDs, and more.

A Facebook representative told Bloomberg, which first reported the data vulnerability, that the company's policies prohibit storing Facebook information in a public database and once it was alerted of the issue the company worked with Amazon to take down the databases. "What ties them together is that they both contain data about Facebook users, describing their interests, relationships, and interactions, that were available to third-party developers", the firm said.

A second leak, linked to a Facebook-integrated app called "At the pool", left exposed roughly 22,000 Facebook passwords, stored in plaintext, according to UpGuard. As Facebook users know, the Facebook service doesn't require Facebook to collect and process email passwords. Facebook's representative claims that they have taken the databases offline after being notified and now they are investigating the incident to identify how and for what duration the data was available on Amazon's servers.

The slow-footed response underscores a dilemma faced by businesses like Amazon Web Services, which along with cloud computing behemoths Microsoft Corp. and Alphabet Inc.'s Google, generate billions of dollars in revenue by providing storage and other computing services via remote data centers.

Facebook is once again in the line of fire for data harvesting - cool! "That means the company's massive trove of data is in the hands of potentially thousands of third parties all over the world".

Trump's Border Closure Could Leave Us Out of Avocados Within Three Weeks
Halting the flow of goods across the border, even for a short time, will do significant economic damage to the USA economy. He continued: "All you hear me talking about is trade, but let me just give you a little secret".

Many security experts are of the view that, in the light of the frequent cybersecurity lapses, Facebook does not have a clear understanding of cybersecurity.

Redacted example of Facebook data from the exposed At the Pool dataset. But as these exposures show, the data genie can not be put back in the bottle.

In an interview with CNN, Vickery noted that the social media giant has "no way of guaranteeing the safe storage of the data of their end users if they are going to allow app developers to harvest it in mass".

"The surface area for protecting the data of Facebook users is thus vast and heterogenous, and the responsibility for securing it lies with millions of app developers who have built on its platform", it added. "In general, we work with developers to make sure that they're respecting people's information and using it only in ways that they want".

In that case, the financial and reputational damage to Facebook might prompt them to ensure the companies they do business with are held to their own security standards.

Comments