Security researchers from UpGuard found a treasure trove of Facebook data with more than 540 million exposed online on a public server.
The data contained substantial information, people’s likes, their comments, their Facebook ideas, and was collected by two third-party Facebook apps.
According to a Facebook spokesperson, “Facebook’s policies prohibit storing Facebook information in a public database. Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people’s data.”
Facebook’s Struggle With Security Breaches Before
Over the last couple of months, Facebook has faced a number of security issues: last March, it had unintentionally stored the password of 20 million users in plain text. The social network has also been caught requesting people’s password to their personal emails when they were signing up for accounts, a method of verification they have been using for quite a while and have stopped using last week.
Third-party Apps Are A Security Concern
Third-party apps continue to be a security concern for Facebook, as demonstrated by the Cambridge-Analytica scandal last year. These databases were stored in a public Amazon cloud server and had come from a Mexico-based media company by the name of Cultura Collectiva, as well as another app called ‘At The Pool’.
More Exposed Data
The exposed data contained data including photos, events, and passwords. Though UpGuard believes it to be At The Pool’s stored passwords, and not for Facebook accounts. Yet it was a genuine concern as 22,000 passwords were visible in plain text and people often use the same password for multiple accounts.
The company behind At The Pool had stopped operating in 2014, but the database was available online for anyone who could find it.
UpGuard has said to have notified Cultura Collectiva in January but hasn’t received a response yet. The database wasn’t secured until Wednesday morning after Bloomberg reached out to Facebook regarding the incident.