Third-party devs leak millions of Facebook records

Third-party devs leak millions of Facebook records

The UpGuard Cyber Risk team have found that two more third-party developed Facebook app datasets are exposed to the public internet. Researchers notified Cultura Colectiva and Amazon in January, but the data remained unsecured until Wednesday.

A Facebook representative told Bloomberg, which first reported the data vulnerability, that the company's policies prohibit storing Facebook information in a public database and once it was alerted of the issue the company worked with Amazon to take down the databases. Facebook's vice president of Engineering, Security and Privacy, assured users that the passwords were not publicly accessible and that there was no evidence that Facebook employees abused their access. Another backup file on a different storage server by defunct California-based app-maker At The Pool contained significantly more sensitive data, including scraped information on more than 22,000 users, for example, a user's friends lists, interests, photographs, group memberships, and check-ins.

"The data exposed in each of these sets would not exist without Facebook, yet these data sets are no longer under Facebook's control". As for At The Pool, its exposed dataset was taken offline during UpGuard's investigation. Once the data was out of Facebook's hands developers could use it how they wanted.

"Neither sensitive nor private data, like emails or passwords, were amongst those because we do not have access to that kind of data, so we did not put our users' privacy and security at risk", Cultura Colectiva said.

'The surface area for protecting the data of Facebook users is thus vast and heterogenous, and the responsibility for securing it lies with millions of app developers who have built on its platform'.

It's the most recent data lapse by involving the social media giant since the Cambridge Analytica outrage in 2018, which saw more than 87 million Facebook user records scratched without consent by the United Kingdom - based political data firm.

More news: Mueller report can be subpoenaed after successful House Judiciary Committee vote

Facebook this week managed to make the news again in connection with multiple data protection fiasco's.

Whatever role Amazon should play, the episode is only the latest embarrassment for Facebook, still smarting from revelations a year ago that the company lost track of data that it shared with third parties.

Marketing has reached out to Facebook for further updates. According to the information published by the firm, the exposed data is 146 GB in size and has over 540 Million records, including comments, likes, FB IDs among others.

In an interview with CNN, Vickery noted that the social media giant has "no way of guaranteeing the safe storage of the data of their end users if they are going to allow app developers to harvest it in mass".

Naaman Hart, Cloud Services Security Architect at Digital Guardian also comment on the breach and warned users that there is no such thing as free lunch referring to the free use of social media sites especially Facebook.

Related Articles