10 Apr 2019
Third party Facebook app developers have caused yet another database leak. Unprotected Amazon cloud servers put more than half a billion Facebook user information at risk.
UpGuard, a cybersecurity firm, discovered that two datasets were publicly accessible—Coltura Colectiva, a Mexican media company, and “At the pool”, a Facebook-integrated ap.
Researchers at the cybersecurity firm UpGuard today revealed that they discovered two datasets—one from a Mexican media company called Cultura Colectiva and another from a Facebook-integrated app called “At the pool”—both left publicly accessible on the Internet. “At the pool” contained information about users’ friends, groups, check-in locations, names, and plain text passwords for over 22,000 people.
“As Facebook faces scrutiny over its data stewardship practices, they have made efforts to reduce third-party access,” experts at UpGuard say, “But as these exposures show, the data genie cannot be put back in the bottle. Data about Facebook users have been spread far beyond the bounds of what Facebook can control today.”
Facebook is still trying to recover from a rash of security issues, including the Cambridge Analytica scandal that has Facebook facing a £500,000 UK fine.
Both unsecured Amazon S3 buckets containing the datasets have now been secured and taken offline.