Facebook Removes Millions of Exposed User Records Stored Openly on Amazon's Servers

The 146GB trove contained over 540 million records including comments, likes, reactions, account names, Facebook IDs and more.

Security researchers from UpGuard found extensive details such as people's comments, passwords, photos, names and likes, which had been collected by two third-party Facebook apps, Bloomberg reported. "In general, we work with developers to make sure that they're respecting people's information and using it only in ways that they want".

The second leaked dataset appears to be a backup from a third-party, Facebook-integrated app called "At the Pool", which contained the same user activity as above and user passwords.

In the latest incident highlighting Facebook's apparently casual approach to mass data collection, the company has once again been caught on the wrong foot.

We're talking about 540 million Facebook users with exposed information free for the taking.

And earlier last year, Facebook revealed that data on millions of users had been harvested by data science company Cambridge Analytica. She added that Facebook's policies now prohibit storing user information in a public database.

UpGuard said it sent two notification emails to Cultura Colectiva on January 10 and January 14 and never received a response.


Facebook has been hit by a number of privacy-related issues, including a glitch that left the passwords of millions of users stored in readable format within its internal systems, exposed to its employees. If that isn't enough, UpGuard also discovered that there are still 100,000 public Amazon-hosted databases out there in the wild, so it's possible that, even beyond Facebook's slip-up here, there is even more publicly available information out there.

Whether these third parties actually comply is a contractual matter with Facebook, and the users whose data is compromised have no say in the matter.

The first set comes from the Mexico-based media company Cultura Colectiva. "Regardless, the application is no longer active and all signs point to its parent company having shut down", UpGuard said. It then notified Amazon Web Services of the situation on January 28 and again on February 21, but the data wasn't secured until Wednesday morning.

Both of these Amazon S3 buckets had public downloads enabled, so all it would have taken was for someone with less-than-honest intentions to stumble upon them for that data to fall into the wrong hands.

Cultura Colectiva, which has been around since 2013, urges readers to share its stories on Facebook, Twitter, WhatsApp and Pinterest.

The exposure of Facebook's data also illustrated a hard reality: Once accessed or obtained, personal data can live forever.

  • Darren Santiago