Facebook app developers leaked over 540 million user records: Report
Yes, it's yet another story about how Facebook let private data leak.
Highlights:
- A recent report reveals datasets from two more sources have leaked.
- Both were discovered on an Amazon cloud server.
- They contain personal data fields like user ID and password.
A couple of weeks ago, a report by KrebsOnSecurity revealed that Facebook had a copy of hundreds of millions of user passwords stored unencrypted in plain text format—practically an invitation to every social identity attacker out there. Much before that, Facebook was taken to task for the infamous Cambridge Analytica incident. Now, however, a report by UpGuard says that datasets of two more third-party Facebook app developers have been found exposed on public internet. The datasets contain over 540 million records of comments, likes, reactions, account names and IDs, etc.
Found on an Amazon cloud server, the datasets originate from two sources: one from a Mexico-based company called Cultura Colectiva and another from an app called “At the Pool”. The dataset from Cultura Colectiva has over 540 million records and is 146 gigabytes in size. The dataset found on the “At the Pool” app reportedly contained record fields for fk_user_id, fb_user, fb_friends, fb_likes, fb_music, fb_movies, fb_books, fb_photos, fb_events, fb_groups, fb+checkins, fb_interests, password, and others.
“As Facebook faces scrutiny over its data stewardship practices, they have made efforts to reduce third party access. But as these exposures show, the data genie cannot be put back in the bottle. Data about Facebook users has been spread far beyond the bounds of what Facebook can control today. Combine that plenitude of personal data with storage technologies that are often misconfigured for public access, and the result is a long tail of data about Facebook users that continues to leak,” UpGuard writes confidently in its report.
This, by any measure, is not the first time Facebook has been called out for breach of privacy of personal user data. The popular social media company has been criticised in the past for either giving away data records of user accounts to third parties or letting it get away because of insufficient security measures. The most famous case involved Cambridge Analytica harvesting information on users through a seemingly innocent quiz app last year.
Related Read:
Facebook stored millions of passwords in plain text for several years: Report
Facebook to alert 87mn users hit by Cambridge Analytica data breach
Digit NewsDesk
Digit News Desk writes news stories across a range of topics. Getting you news updates on the latest in the world of tech. View Full Profile