Half a billion records of millions of Facebook users have been found exposed on Amazon cloud servers. The data do not directly come from Facebook; they were collected and stored by third-party app developers.
Researchers at UpGuard today revealed that they discovered two datasets—one from a Mexican media company called Cultura Colectiva and another from a Facebook-integrated app called “At the pool”.
More than 146 GB of data collected by Cultura Colectiva contains over 540 million Facebook user records, including comments, likes, reactions, account names, Facebook user IDs, and more.
The second dataset belonging to “At the Pool” app contains information about users’ friends, likes, groups, and checked-in locations, as well as “names, plaintext passwords and email addresses for 22,000 people.”
“As Facebook faces scrutiny over its data stewardship practices, they have made efforts to reduce third-party access. But as these exposures show, the data genie cannot be put back in the bottle. Data about Facebook users have been spread far beyond the bounds of what Facebook can control today,” experts at UpGuard said.
Both datasets were stored in unsecured Amazon S3 buckets, which have now been secured and taken offline after Upguard, Facebook and media contacted Amazon.