Facebook has been embroiled in one data breach after another since last year. It all started with Cambridge Analytica, and we cannot even recall exactly how many data leaks have followed. A few days back, Facebook said as a part of an internal security review, it discovered that passwords of hundreds of millions of its users had been stored on company servers unencrypted.
And now, a new report has surfaced online saying that Facebook app developers left hundreds of millions of user records exposed on cloud servers that are publically visible. The claim has been made by researchers from security firm UpGuard, who have further said that the larger of the two data sets that were found come from Cultura Colectiva, a media company based in Mexico.
According to the researcher, the data set was 146GB in size and had information like Facebook user activity, account names, and email IDs from over 540 million records. That’s not all. A smaller but similar data set was found for an app called ‘At the Pool’ that included personal information and around 22,000 passwords. It has been reported that these passwords were used for the app and not Facebook.
Both the sets of data were found on Amazon cloud servers, however, there is no clarity on for how long they were available publically. So it cannot be said who all obtained it from the servers or if anyone could access it at all. It is worth adding that the researcher also said that the data was removed from servers after Facebook was contacted.
A Facebook spokesperson addressed the issue in a statement saying, “Facebook’s policies prohibit storing Facebook information in a public database. Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people’s data.”
Since last year, Facebook has faced criticism time and again over how it has shared its users’ data with third parties and thereby not provided the security and privacy on its platform that it is supposed to. The most famous among these is the Cambridge Analytica scandal. For those unaware, political data firm Cambridge Analytica extracted users’ data via a harmless looking quiz app. After the scandal came to light, Facebook cut down on the number of apps that have access to user data.
Speaking about the recent breach, UpGuard researchers wrote in a blog post, “Data about Facebook users has been spread far beyond the bounds of what Facebook can control today. Combine that plenitude of personal data with storage technologies that are often misconfigured for public access, and the result is a long tail of data about Facebook users that continues to leak.”