540 million Facebook users had their data leaked by app developers

Share

Security researchers from UpGuard have found more than 540 million Facebook records exposed in a public database.

In October previous year, Facebook also revealed millions of email addresses, phone numbers and other personal user information were compromised during a security breach, affecting as many as 50 million accounts.

Security researchers have uncovered more instances of Facebook user data being publicly exposed on the internet, further underscoring its struggles as it deals with a slew of privacy and other problems.

In the wake of the Cambridge Analytica scandal, Facebook withdrew access to personal data from any third-party app that users hadn't logged in to for 90 days. This one had 22,000 passwords stored in plain text associated with user accounts.

A Facebook spokesperson, however, told Wired in a statement that the databases have been taken down from Amazon's servers and the company "is continuing to assess the extent of the information that was available and how people might have been impacted". Much of the data was publicly available until Wednesday morning after Bloomberg, which first reported on UpGuard's findings, alerted Facebook to the issue and asked for comment.

Facebook used to allow developers access data about information of people using the app and their friends but they stopped this recently. Cultura Colectiva never responded to the researchers' emails, and Amazon, despite receiving notifications from UpGuard about the leaky servers, did not take the leaky AWS server down, even if the data exposure was obvious.

At the heart of the matter are two third-party app datasets stored on Amazon S3 buckets containing reams of Facebook users' info. It also limited apps with Facebook Login access from requesting any info beyond a user's name, profile picture, and email address without an official app review. "The data genie can not be put back in the bottle", reads the post.

It is also a punch in the eye for proponents of what many detractors call the "surveillance economy" where advertising and e-commerce is predicated on intelligence about users' every move and desire.

UpGuard say they reached out to Cultura Colectiva back in January and, as of posting, have still received no response.

At the same time, Facebook chief executive Mark Zuckerberg has embarked on a wholesale reimagining of the way users interact with each other on the social-networking site - and the data the company collects. UpGuard doesn't know how long they were exposed, as the database became inaccessible while the company was looking into it. However, the Mexican media company has 23 million followers on its Facebook page.

On the downside, what these tales indicate is that lots and lots of companies, most of which you've never heard of, have hooks into Facebook user content.

Share