- The 9 best podcasts for kids that entertain and educate Today 8:00 AM
- Swipe This! Why does my BFF get more likes on Instagram than me? Today 6:00 AM
- The 25 Tom Cruise movies that are essential viewing Today 6:00 AM
- No, that guy didn’t really fly alone on a Delta flight Saturday 4:31 PM
- Fans are paying to meet their favorite YouTubers online through pilot program Saturday 2:54 PM
- Behold: 12 straight hours of ‘Stranger Things” Alexei drinking a Slurpee Saturday 2:05 PM
- Influencer couple under fire for using holy water to splash genitals in Bali Saturday 1:29 PM
- These are the 10 best villains DC comics has ever conceived Saturday 1:11 PM
- The Daily Wire accused of stealing art design from pop artist for its merchandise Saturday 12:09 PM
- Instagram model Rianne Meijer on keeping it real with her followers Saturday 10:52 AM
- How to stream Chelsea vs. Leicester City Saturday 8:30 AM
- Florida man arrested after allegedly texting girlfriend his mass shooting plans Saturday 8:27 AM
- How to stream Real Madrid vs. Celta Vigo Saturday 8:20 AM
- How to stream Seahawks vs. Vikings in NFL preseason action Saturday 8:00 AM
- How to stream Steelers vs. Chiefs in NFL preseason action Saturday 6:30 AM
Cybersecurity researchers revealed Wednesday that data on hundreds of millions of Facebook users was left exposed online.
According to a blog post from UpGuard, a California-based cybersecurity firm, two publicly assessable servers were found to contain information on more than 540 million Facebook users.
The first and most substantial dataset comes from Mexican media company Cultura Colectiva, which left 540 million “comments, likes, reactions, account names, FB IDs and more” on an unsecured Amazon Simple Storage Service (S3) bucket.
The second unprotected server, belonging to a Facebook-integrated app known as “At the Pool,” was found to be storing data on over 22,000 users, including everything from passwords to Facebook check-ins. Although the passwords are believed to be for the app itself and not Facebook, UpGuard notes that the security lapse “would put users at risk who have reused the same password across accounts.”
UpGuard says despite contacting Cultura Colectiva to request the data be protected or removed, the company failed to reply. Even after contacting Amazon, Cultura Colectiva’s server was still left exposed. After Facebook became aware of the issue nearly three months later, the S3 bucket was secured.
The information stored by the “At the Pool” app was taken offline before UpGuard could alert the company.
“The data exposed in each of these sets would not exist without Facebook, yet these data sets are no longer under Facebook’s control,” UpGuard notes. “In each case, the Facebook platform facilitated the collection of data about individuals and its transfer to third parties, who became responsible for its security.”
The incident highlights the inherent security and privacy issues related to Facebook’s policy of sharing data with third-party developers. The discovery also comes amid attempts by Facebook to paint itself as a privacy-conscience company after months of data scandals.
- Facebook’s new sign-up feature resembles a phishing attack
- Man pleads guilty to stealing over $100 million from Facebook, Google
- Hundreds of millions of Facebook passwords were accessible to employees
Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.