Cybersecurity researchers revealed Wednesday that data on hundreds of millions of Facebook users was left exposed online.
According to a blog post from UpGuard, a California-based cybersecurity firm, two publicly accessible servers were found to contain information on more than 540 million Facebook users.
The first and most substantial dataset comes from Mexican media company Cultura Colectiva, which left 540 million “comments, likes, reactions, account names, FB IDs and more” on an unsecured Amazon Simple Storage Service (S3) bucket.
The second unprotected server, belonging to a Facebook-integrated app known as “At the Pool,” was found to be storing data on over 22,000 users, including everything from passwords to Facebook check-ins. Although the passwords are believed to be for the app itself and not Facebook, UpGuard notes that the security lapse “would put users at risk who have reused the same password across accounts.”
UpGuard says that although it contacted Cultura Colectiva to request that the data be protected or removed, the company failed to reply. Even after UpGuard contacted Amazon, Cultura Colectiva’s server was still left exposed. After Facebook became aware of the issue nearly three months later, the S3 bucket was secured.
The information stored by the “At the Pool” app was taken offline before UpGuard could alert the company.
“The data exposed in each of these sets would not exist without Facebook, yet these data sets are no longer under Facebook’s control,” UpGuard notes. “In each case, the Facebook platform facilitated the collection of data about individuals and its transfer to third parties, who became responsible for its security.”
The incident highlights the inherent security and privacy issues related to Facebook’s policy of sharing data with third-party developers. The discovery also comes amid attempts by Facebook to paint itself as a privacy-conscious company after months of data scandals.
Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.