- A recent report reveals datasets from two more sources have leaked.
- Both were discovered on an Amazon cloud server.
- They contain personal data fields like user ID and password.
A couple of weeks ago, a report by KrebsOnSecurity revealed that Facebook had a copy of hundreds of millions of user passwords stored unencrypted in plain text format—practically an invitation to every social identity attacker out there. Much before that, Facebook was taken to task for the infamous Cambridge Analytica incident. Now, however, a report by UpGuard says that datasets of two more third-party Facebook app developers have been found exposed on public internet. The datasets contain over 540 million records of comments, likes, reactions, account names and IDs, etc.
Found on an Amazon cloud server, the datasets originate from two sources: one from a Mexico-based company called Cultura Colectiva and another from an app called “At the Pool”. The dataset from Cultura Colectiva has over 540 million records and is 146 gigabytes in size. The dataset found on the “At the Pool” app reportedly contained record fields for fk_user_id, fb_user, fb_friends, fb_likes, fb_music, fb_movies, fb_books, fb_photos, fb_events, fb_groups, fb+checkins, fb_interests, password, and others.
Facebook Research App collected data of 187000 users most of whom were Indians
Almost 60% of email servers on the internet affected by new RCE vulnerability: Report
Facebook reportedly sharing personal user data that enables companies to guess your creditworthiness, target ads
India now has 400 million active internet users: Google
Google will now let you Auto-Delete your Location History and Web & App Activity Data every 3 or 18 months
“As Facebook faces scrutiny over its data stewardship practices, they have made efforts to reduce third party access. But as these exposures show, the data genie cannot be put back in the bottle. Data about Facebook users has been spread far beyond the bounds of what Facebook can control today. Combine that plenitude of personal data with storage technologies that are often misconfigured for public access, and the result is a long tail of data about Facebook users that continues to leak,” UpGuard writes confidently in its report.
This, by any measure, is not the first time Facebook has been called out for breach of privacy of personal user data. The popular social media company has been criticised in the past for either giving away data records of user accounts to third parties or letting it get away because of insufficient security measures. The most famous case involved Cambridge Analytica harvesting information on users through a seemingly innocent quiz app last year.