A massive accumulation of Facebook user data has been exposed on Amazon servers, further cementing reports that the social media giant is struggling to protect data.
Researchers from UpGuard discovered that two third-party Facebook app developers had stored hundreds of millions of Facebook records on publicly accessible Amazon servers.
Mexico-based media company Cultura Colectiva stored 146 gigabytes of user data comprising more than 540 million records, including comments, likes, reactions, account names, FB IDs and more.
Anyone who discovered the records could easily access and download the data.
The second data backup belonged to the now-defunct “At The Pool” app, which stored user IDs, friend lists, likes, photos, events, check-ins, passwords and more for 22,000 accounts on an Amazon S3 bucket.

At the Pool exposed data (redacted). Source: UpGuard
UpGuard was unable to determine how long the At The Pool data was accessible, as the information was pulled down during its investigation.
The security researchers first contacted Cultura Colectiva regarding the data exposure on January 10, 2019, and followed up with a second email on January 14, 2019.
According to their report, they received no response.
UpGuard states it contacted Amazon Web Services regarding the At The Pool cloud storage on January 28, receiving a response on February 1 that the bucket’s owner had been notified.
However, even with a follow-up email, the data was not secured until April 3, 2019, after Facebook was contacted by Bloomberg.
The Facebook platform holds great appeal for app developers because of the sheer amount of data its users generate.
The social media platform facilitated the collection of data and its transfer to third parties, who then became responsible for its security.
Cultura Colectiva used data on responses to posts to alter an algorithm to predict what future content would generate the most traffic.
It is true to say that this data would not exist without Facebook, but the social media giant no longer has that data under its control.
Once collated, the data doesn’t just disappear, even if the app shuts down, and unless secured it leaves people’s sensitive data exposed.

Exposed Cultura Colectiva data (redacted). Source: UpGuard