- People are not falling for these ICE ‘propaganda’ photos Sunday 4:23 PM
- CLIF Bar and KIND Snacks are in a bizarre social media war Sunday 2:55 PM
- Caillou is how tall? Sunday 1:32 PM
- No, that video of a Boston Dynamics robot attacking its creators is not real Sunday 12:40 PM
- Alex Jones places $1 million bounty on culprit who planted child porn on his InfoWars server Sunday 12:03 PM
- ‘Stranger Things’ star’s new Netflix prank show is receiving backlash Sunday 9:04 AM
- How to watch ‘City on a Hill’ for free Sunday 8:00 AM
- How to watch ‘Euphoria’ for free Sunday 7:00 AM
- Meet the home brewer turning beer into a case for net neutrality Sunday 6:30 AM
- How to watch the U.S. vs. Chile at the World Cup for free Sunday 6:15 AM
- 15 teen movies on Netflix that will make you laugh, cry, and cringe Sunday 6:00 AM
- How to watch Estrella TV online for free Sunday 5:00 AM
- People are roasting this ‘traditional’ take on marriage with a hilarious meme Saturday 5:17 PM
- The internet just collectively realized that the Neopets of the world must be hungry Saturday 4:00 PM
- Alt-right message board 8chan was served a search warrant Saturday 3:06 PM
Wikimedia Commons (CC-BY)
Cybersecurity researchers revealed Wednesday that data on hundreds of millions of Facebook users was left exposed online.
According to a blog post from UpGuard, a California-based cybersecurity firm, two publicly assessable servers were found to contain information on more than 540 million Facebook users.
The first and most substantial dataset comes from Mexican media company Cultura Colectiva, which left 540 million “comments, likes, reactions, account names, FB IDs and more” on an unsecured Amazon Simple Storage Service (S3) bucket.
The second unprotected server, belonging to a Facebook-integrated app known as “At the Pool,” was found to be storing data on over 22,000 users, including everything from passwords to Facebook check-ins. Although the passwords are believed to be for the app itself and not Facebook, UpGuard notes that the security lapse “would put users at risk who have reused the same password across accounts.”
UpGuard says despite contacting Cultura Colectiva to request the data be protected or removed, the company failed to reply. Even after contacting Amazon, Cultura Colectiva’s server was still left exposed. After Facebook became aware of the issue nearly three months later, the S3 bucket was secured.
The information stored by the “At the Pool” app was taken offline before UpGuard could alert the company.
“The data exposed in each of these sets would not exist without Facebook, yet these data sets are no longer under Facebook’s control,” UpGuard notes. “In each case, the Facebook platform facilitated the collection of data about individuals and its transfer to third parties, who became responsible for its security.”
The incident highlights the inherent security and privacy issues related to Facebook’s policy of sharing data with third-party developers. The discovery also comes amid attempts by Facebook to paint itself as a privacy-conscience company after months of data scandals.
- Facebook’s new sign-up feature resembles a phishing attack
- Man pleads guilty to stealing over $100 million from Facebook, Google
- Hundreds of millions of Facebook passwords were accessible to employees
Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.