- Hulu’s ‘Into the Dark’ scores with Christmas-themed ‘A Nasty Piece of Work’ Today 6:00 AM
- West Virginia corrections employees suspended after Nazi salute photo surfaces Thursday 8:02 PM
- Here are the 15 best Eddie Murphy movies available to stream Thursday 7:56 PM
- Ex-InfoWars video editor admits to making up Islamophobic stories Thursday 6:55 PM
- WhatsApp accounts deleted amid Kashmir internet blackout Thursday 6:21 PM
- Guy gets mocked for tattoo of Baby Yoda drinking White Claw Thursday 6:18 PM
- Spotify Wrapped has people asking just how much it knows about us Thursday 5:50 PM
- Instagram account allegedly asked for inappropriate photos of children Thursday 5:16 PM
- How to stream ‘Boys vs. Bears on Thursday Night Football Thursday 4:33 PM
- Woman caught her boyfriend cheating through his Fitbit Thursday 4:29 PM
- The Pete Buttigieg ‘High Hopes’ dance was designed by an intern Thursday 4:17 PM
- TikTok admits to hiding content made by fat, LGBTQ, and disabled users Thursday 3:58 PM
- ‘Merry Happy Whatever’ is an unoriginal sitcom with plenty of holiday cheer Thursday 3:55 PM
- The ‘Pod Save America’ Bros are losing it over Joe Biden’s newest ad Thursday 3:28 PM
- Van Halen had a wholesome response in defense of Billie Eilish Thursday 3:15 PM
Cybersecurity researchers revealed Wednesday that data on hundreds of millions of Facebook users was left exposed online.
According to a blog post from UpGuard, a California-based cybersecurity firm, two publicly assessable servers were found to contain information on more than 540 million Facebook users.
The first and most substantial dataset comes from Mexican media company Cultura Colectiva, which left 540 million “comments, likes, reactions, account names, FB IDs and more” on an unsecured Amazon Simple Storage Service (S3) bucket.
The second unprotected server, belonging to a Facebook-integrated app known as “At the Pool,” was found to be storing data on over 22,000 users, including everything from passwords to Facebook check-ins. Although the passwords are believed to be for the app itself and not Facebook, UpGuard notes that the security lapse “would put users at risk who have reused the same password across accounts.”
UpGuard says despite contacting Cultura Colectiva to request the data be protected or removed, the company failed to reply. Even after contacting Amazon, Cultura Colectiva’s server was still left exposed. After Facebook became aware of the issue nearly three months later, the S3 bucket was secured.
The information stored by the “At the Pool” app was taken offline before UpGuard could alert the company.
“The data exposed in each of these sets would not exist without Facebook, yet these data sets are no longer under Facebook’s control,” UpGuard notes. “In each case, the Facebook platform facilitated the collection of data about individuals and its transfer to third parties, who became responsible for its security.”
The incident highlights the inherent security and privacy issues related to Facebook’s policy of sharing data with third-party developers. The discovery also comes amid attempts by Facebook to paint itself as a privacy-conscience company after months of data scandals.
- Facebook’s new sign-up feature resembles a phishing attack
- Man pleads guilty to stealing over $100 million from Facebook, Google
- Hundreds of millions of Facebook passwords were accessible to employees
Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.