In what could be shocking news for hundreds of millions of Facebook users, Facebook might be letting third-party apps publicly store your password, email address, account names and more on Amazon cloud servers. According to security researchers, these storage servers were not password protected. Meaning, anyone could see or download any data that was stored in public sight.
Clearly, Facebook’s privacy woes continue and there is absolutely no sign of an end to them. According to security researchers at a cybersecurity firm UpGuard, third-party-developed Facebook dataset from Mexican media company Cultura Colectiva was found exposed to the public internet. That weighs in at 146 GB and contains over 540 million records showing users’ comments, likes, reactions, account names and more.
Facebook told Bloomberg that the Cultura Colectiva’s database has been closed. Another dataset originated from ‘At the Pool’ was stored on Amazon’s Cloud server that included names, plain-text passwords, Facebook IDs from 22,000 Facebook users. We are still seeking more information whether data stored on Amazon’s cloud servers are being misused.
Facebook pulled the plug on both datasets and is now probing into the situation.
“Facebook's policies prohibit storing Facebook information in a public database. Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people's data,” Facebook spokesperson said in a statement.
Time for a quick recap: UpGuard researchers discovered that two datasets of hundreds of millions of Facebook users were being stored on Amazon Cloud servers. One dataset originating from media firm Cultura Colectiva included comments, likes, reactions, account names, FB IDs from more than 540 million users.
The second dataset from At the Pool included names, passwords, Facebook IDs and other details from 22,000 users. None of Amazon cloud servers in question was password protected.
Recently, Facebook acknowledged that it left hundreds of millions of user passwords readable by its employees for years after a security researcher exposed the lapse.