Once again, Facebook data of millions of users were left exposed in public, which could have been accessed by anyone. In a new privacy breach, over 540 million records of Facebook data including accounts names, likes, comments, as well as FB IDs were found exposed on Amazon’s Cloud servers, cybersecurity firm UpGuard Cyber Risk reported.
The data, which is a total of 146 gigabytes in size belonged to Mexico-based media company Cultura Colectiva, the report adds.
Data from a different third-party app called “At the pool”, which was integrated into Facebook, was also left unexposed as well on Amazon’s servers. The data included passwords of close to 22,000 users stored in plain text.
Though the firm speculates the passwords are not of Facebook, but “At the pool” account of users, people who tend to use the same passwords across their multiple social media accounts may have been exposed. The app shut operations in 2014.
It is unclear for how long the personal data of Facebook users, which includes Facebook IDs, email addresses, passwords, likes, interests, relationships, etc was available for to third-party developers. If the data was misused in some way is also unknown at this point.
A Facebook spokesperson, however, told Wired in a statement that the databases have been taken down from Amazon’s servers and the company “is continuing to assess the extent of the information that was available and how people might have been impacted.”
“Facebook’s policies prohibit storing Facebook information in a public database. Once alerted to the issue, we worked with Amazon to take down the databases,” a Facebook spokesperson told Wired.
The latest breach reminds of the Cambridge Analytica data scandal, where personal data of millions of users collected by the firm through a quiz app on Facebook was used to potentially swing voters in the US elections in 2016 and other campaigns.
After the breach came to light, Facebook promised to put limitations on how much data third-party apps can access and enhanced security measures by clearly listing out for users the permissions required by each app.
However, it looks like Facebook does not have control over how third parties use the data as they were found to be uploaded on public servers, exposed to anyone who could have had access. This is not the first time such an incident has occurred.
Last month, Facebook passwords of around 600 million users were stored on the company’s servers in plain text, according to a KrebsonSecurity report, which quotes a senior Facebook employee. The passwords were searchable by over 20,000 Facebook employees.
Facebook admitted the issue and said that it has fixed it and the company will be notifying everyone whose passwords have been stored in plain text.