Data of 540 million Facebook users exposed in latest privacy cock-up
It is only a couple of weeks since we learned that Facebook has been storing user passwords in searchable plain text, and now there is -- yet another -- privacy scandal. This time, the private data of over half a billion Facebook users was left exposed on publicly-accessible Amazon servers.
Security firm UpGuard discovered that the private data of 540 million Facebook users was exposed in Amazon Web Services S3 buckets. Now removed, the data included identification numbers, comments, reactions and account names. In some instances, names, passwords and email addresses were also exposed.
See also:
- Mark Zuckerberg's calls for internet regulation are just an attempt to shift the blame from Facebook
- Facebook explicitly bans white nationalism and white separatism
- Facebook stored millions of users' passwords in searchable plain text for years
Rather than being Facebook's fault -- directly, at least -- the data leak came from Mexico-based news site Cultura Colectiva and an app called At the Pool. The company issued a statement saying: "Neither sensitive nor private data, like emails or passwords, were amongst those because we do not have access to that kind of data, so we did not put our users' privacy and security at risk. We are aware of the potential uses of data in current times, so we have reinforced our security measures to protect the data and privacy of our Facebook fanpages' users".
UpGuard says that the data from Cultura Colectiva "weighs in at 146 gigabytes", and points out that the passwords exposed by At the Pool "would put users at risk who have reused the same password across accounts".
The security firm says:
The At the Pool discovery is not as large as the Cultura Colectiva dataset, but it contains plaintext (i.e. unprotected) passwords for 22,000 users. At the Pool ceased operation in 2014, and even the parent company's website is currently returning a 404 error notice. This should offer little consolation to the app's end users whose names, passwords, email addresses, Facebook IDs, and other details were openly exposed for an unknown period of time.
Facebook says that it has worked with Amazon to remove the data, adding: "Facebook's policies prohibit storing Facebook information in a public database".
Image credit: CHAINFOTO24 / Shutterstock