Millions of Facebook user records exposed in data breach

Millions of Facebook user records exposed in data breach

"It is unknown if this is a coincidence, if there was a hosting period lapse, or if a responsible party became aware of the exposure at that time". There are two data sets, originating from different sources, both stored in Amazon S3 buckets - no password protection on either one, naturally. Yes, that means that anyone who knew where to look could have pulled it. "What ties them together is that they both contain data about Facebook users, describing their interests, relationships, and interactions, that were available to third party developers". It reportedly contains over 146 GB of data, amounting to over 540 million records on Facebook users, including comments, likes, reactions, account names, Facebook user IDs, and more.

According to UpGuard, the second dataset, from a third-party Facebook app titled At the Pool, "contained columns for fk_user_id, fb_user, fb_friends, fb_likes, fb_music, fb_movies, fb_books, fb_photos, fb_events, fb_groups, fb+checkins, fb_interests, password, and more".

"All of the data passed from Facebook to literally millions of developers needs to be managed", said Greg Pollock, a vice president at UpGuard.

You don't reuse passwords across sites, do you? "Data about Facebook users has been spread far beyond the bounds of what Facebook can control today". The firm expressed concern that Facebook users who set the same password on multiple sites and services could be at the greatest risk.

After another exchange and an intervention from Bloomberg who asked for comment on the issue, the cc-datalake database was eventually secured on April 3. While it may be able to prevent or limit new leaks like this from happening in the future, the "At the Pool" app shut down in 2014, and yet the data was floating around online for years. By allowing third-party apps to scrape Facebook users' information (remember Cambridge Analytica?) the company essentially loses control of it. UpGuard said it notified Cultura Colectiva about the exposed data, starting with an email on January 10 of this year, but has received no response from the company.

More news: The First Trailer For the New "Joker" Just Dropped

A Facebook spokesperson responded to the controversy in a statement to CNet Wednesday: "Facebook's policies prohibit storing Facebook information in a public database".

UpGuard didn't have much success getting Amazon to take down the content.

The company later announced changes to the platform aimed at protecting user data.

In other words, yeah, it's as bad as it sounds.

Related Articles