Facebook Removes Millions of Exposed User Records Stored Openly on Amazon's Servers

The 146GB trove contained over 540 million records including comments, likes, reactions, account names, Facebook IDs and more.

Security researchers from UpGuard found extensive details like people's comments, passwords, photos, names and likes which had been collected by two third party Facebook apps, Bloomberg reported. "In general, we work with developers to make sure that they're respecting people's information and using it only in ways that they want".

The second leaked dataset appears to be a backup from a third-party, Facebook integrated app called "At the Pool", which contained the same user activity as above and user passwords.

In the latest incident highlighting Facebook's apparently casual approach to mass data collection, the company has once again been caught on the wrong foot.

We're talking about 540 million Facebook users with exposed information free for the taking.

And earlier past year, Facebook revealed that data on millions of users had been harvested by data science company Cambridge Analytica. She added that Facebook's policies now prohibit storing user information in a public database.

UpGuard said it sent two notification emails to Cultura Colectiva on January 10 and January 14 and never received a response.

No Powerball victor yet, jackpot climbs to $750 million
In 2016, Americans spent more than $72 billion on lottery tickets, according to the United States Census Bureau . Powerball games start at $40 million and the payout increases each drawing until someone wins the jackpot.

Facebook has been hit by a number of privacy-related issues, including a glitch that exposed passwords of millions of users stored in readable format within its internal systems to its employees. If that isn't enough, UpGuard also discovered that there are still 100,000 public Amazon-hosted databases out there in the wild, so it's possible that, even beyond Facebook's slip up here, that there is even more publicly-available information out there.

Whether these third parties actually comply is a contractual matter with Facebook and the user's whose data is compromised have no say in the matter.

The first set comes from the Mexico-based media company Cultura Colectiva. "Regardless, the application is no longer active and all signs point to its parent company having shut down", UpGuard said. It then notified Amazon Web Services of the situation on January 28 and again on February 21, but the data wasn't secured until Wednesday morning.

Both of these Amazon S3 buckets had public downloads enabled, so all it would have taken is for someone with less-than-honest intentions to stumble upon those libraries for that data to fall into the wrong hands.

Cultura Colectiva, which has been around since 2013, urges readers to share its stories on Facebook, Twitter, WhatsApp and Pinterest.

The exposure of Facebook's data also illustrated a hard reality: Once accessed or obtained, personal data can live forever.

  • Darren Santiago