Highlights:
A couple of weeks ago, a report by KrebsOnSecurity revealed that Facebook had a copy of hundreds of millions of user passwords stored unencrypted in plain text format—practically an invitation to every social identity attacker out there. Much before that, Facebook was taken to task for the infamous Cambridge Analytica incident. Now, however, a report by UpGuard says that datasets of two more third-party Facebook app developers have been found exposed on public internet. The datasets contain over 540 million records of comments, likes, reactions, account names and IDs, etc.
Found on an Amazon cloud server, the datasets originate from two sources: one from a Mexico-based company called Cultura Colectiva and another from an app called “At the Pool”. The dataset from Cultura Colectiva has over 540 million records and is 146 gigabytes in size. The dataset found on the “At the Pool” app reportedly contained record fields for fk_user_id, fb_user, fb_friends, fb_likes, fb_music, fb_movies, fb_books, fb_photos, fb_events, fb_groups, fb+checkins, fb_interests, password, and others.
“As Facebook faces scrutiny over its data stewardship practices, they have made efforts to reduce third party access. But as these exposures show, the data genie cannot be put back in the bottle. Data about Facebook users has been spread far beyond the bounds of what Facebook can control today. Combine that plenitude of personal data with storage technologies that are often misconfigured for public access, and the result is a long tail of data about Facebook users that continues to leak,” UpGuard writes confidently in its report.
This, by any measure, is not the first time Facebook has been called out for breach of privacy of personal user data. The popular social media company has been criticised in the past for either giving away data records of user accounts to third parties or letting it get away because of insufficient security measures. The most famous case involved Cambridge Analytica harvesting information on users through a seemingly innocent quiz app last year.
Related Read:
Facebook stored millions of passwords in plain text for several years: Report
Facebook to alert 87mn users hit by Cambridge Analytica data breach