Over 500 million Facebook user records discovered on public Amazon servers

Posted April 05, 2019

The data file, around 146GB in size, contained data on more than 540 million users, comprising information such as comments, likes, reactions, account names, Facebook IDs and more. This included details such as the Facebook user ID, a list of Facebook friends, likes, photos, groups, check-ins, and user preferences such as movies, music, books, interests, and others, along with 22,000 passwords.

If you haven't already given Facebook your number, says Bobby Richter, who heads Consumer Reports' privacy and security testing, it's better to use an app such as Duo Mobile or Google Authenticator for two-factor authentication. The report from UpGuard comes nearly a year after revelations that Cambridge Analytica, a political consultancy, improperly accessed the personal data of 87 million Facebook users with the aid of a quiz app.

Hundreds of millions of Facebook user records, including some plain text passwords, were found exposed online, free and open for the taking.

The social network said its policies prohibited Facebook data being stored in publicly accessible databases. "Once alerted to the issue, we worked with Amazon to take down the databases", a Facebook spokesperson told Wired. "We are committed to working with the developers on our platform to protect people's data". Scariest of all, both data sets were stored in Amazon cloud storage buckets that allowed public downloads.

Even though that once-public data is now properly secured, this isn't a good look for Facebook.

The data from At the Pool went offline before UpGuard reached out about it. But as these exposures show, the data genie cannot be put back in the bottle.

"The public doesn't realize yet that these high-level systems administrators and developers, the people that are custodians of this data, they are being either risky or lazy or cutting corners".

UpGuard's blog post didn't mention how many users may have been ensnared in the Cultura Colectiva leak. Facebook also limited apps with Facebook Login access from requesting any info beyond a user's name, profile picture, and email address without an official app review.

The database's owner, Cultura Colectiva, has issued a statement saying the data was gathered from fan pages it manages on Facebook, and that the information was openly shared by users. This same type of collection, in similarly concentrated form, has been cause for concern in the recent past, given the potential uses of such data.

On the downside, what these tales indicate is that lots and lots of companies, most of which you've never heard of, have hooks into Facebook user content.