Earlier today, cybersecurity researchers disclosed that more than 540 million records on Facebook were left exposed on public internet servers. The announcement comes as the latest security black eye for the social media giant.
In a blog post, the company detailed that researchers for the firm UpGuard discovered two separate sets of Facebook user information on the public cloud servers of Amazon.
One dataset that is linked to Cultura Colectiva, a media company that is based in Mexico, contained more than 540 million records, including reactions, likes, comments, Facebook IDs, account names, and much more. The other set is linked to a defunct Facebook app that is called At the Pool, was significantly smaller, however, it contained plaintext passwords for approximately 22,000 users.
Today, the large dataset was secured after Bloomberg, which originally reported the leak, contacted Facebook while the smaller dataset was taken offline during the investigation of UpGuard.
This data exposure is not the result of a breach of the systems of Facebook. Rather, it is another example, akin to the case of Cambridge Analytica, of Facebook allowing third parties to extract massive amounts of user data without controls on how the data is then used or secured.
In its blog post, the researchers from UpGuard wrote: “The data exposed in each of these sets would not exist without Facebook, yet these data sets are no longer under Facebook’s control.”
It added: “In each case, the Facebook platform facilitated the collection of data about individuals and its transfer to third parties, who became responsible for its security.”
Facebook said that it was reviewing the said incident and did not yet know the nature of the data, how the data was collected or why it was stored on public servers. The firm said that it will inform its users if they find evidence that the data was misused.
In a statement, a spokesperson from Facebook stated: “Facebook’s policies prohibit storing Facebook information in a public database.”
She added: “Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people’s data.”
Cultura Colectiva did not answer to a request for comment.
The data exposure is the most recent example of how the efforts of Facebook to be perceived as a “privacy-focused” platform are thwarted by its own past practices and what the researchers of UpGuard called “the long tail” of user data. For years, Facebook enabled third-party app developers with substantial access to the information of its users.
The UpGuard researchers wrote: “As these exposures show, the data genie cannot be put back in the bottle,”
They added: “Data about Facebook users has been spread far beyond the bounds of what Facebook can control today.”