Millions of Facebook Records Exposed on Amazon Cloud Servers

Millions of Facebook records were found on publicly accessible Amazon's cloud servers by researchers at UpGuard, a cybersecurity firm, reports Bloomberg. The data was uploaded by third-party companies that work with Facebook.

Mexico City-based media company Cultura Colectiva, for example, was storing 540 million records on Facebook users on Amazon's servers, offering up information that included identification numbers, comments, reactions, and account names.


A now-defunct app called At the Pool shared sensitive data like names and email addresses for 22,000 Facebook users.

Facebook did not leak this data, but it did provide the data to the third-party companies that went on to improperly store it with no oversight from Facebook. For years, Facebook provided extensive customer information to advertisers and partners, and while the company has since cracked down on the amount of data it shares, the previously obtained information is still widely available.
"The public doesn't realize yet that these high-level systems administrators and developers, the people that are custodians of this data, they are being either risky or lazy or cutting corners," said Chris Vickery, director of cyber risk research at UpGuard. "Not enough care is being put into the security side of big data."
Facebook's prior data sharing habits allowed any app on the site to obtain information from the people using the app and their friends in many cases, which led to the scandal that saw Cambridge Analytica illicitly using personal data acquired from Facebook to create targeted political advertisements in the 2016 election.

Facebook has since modified its privacy policies and has cut down on the access that apps have. Facebook has also suspended hundreds of apps and began audits to make sure data isn't being mishandled.

In response to the public Facebook data found by UpGuard, a Facebook spokesperson told Bloomberg that its policies prohibit the storing of Facebook information in a public database, though there is apparently little oversight from Facebook. Facebook did work with Amazon to take down the databases that were sharing data publicly after UpGuard's discovery.

Top Rated Comments

(View all)

9 months ago
Another day, another facebook data scandal.
Rating: 52 Votes
9 months ago
Everything you post on facebook is public. There's no such thing as a private post, period. You have to treat facebook like that.
Rating: 17 Votes
9 months ago
Just when you think Facebook has hit rock bottom they somehow manage to dive off of another cliff
Rating: 15 Votes
9 months ago
this site should be renamed to apple/facebook fails
Rating: 14 Votes
9 months ago
I use Facebook with a complete understanding that any and everything on there is being sold and likely improperly used. Instagram too. That's why I don't link credit cards and FB has its own individual password. Having said that, I know apps share their data too, so FB probably have it all anyway.

Zuck is the literal devil.
Rating: 9 Votes
9 months ago

Millions of Facebook records were found on publicly accessible Amazon's cloud servers by researchers at UpGuard, a cybersecurity firm, reports Bloomberg ('https://www.bloomberg.com/news/articles/2019-04-03/millions-of-facebook-records-found-on-amazon-cloud-servers').


Are we back to trusting what Bloomberg reports now?

#Supermicro
Rating: 5 Votes
9 months ago
Can we tag all facebook news: Weekly Dumpster Fire Download?
Rating: 5 Votes
9 months ago

does anyone even care abut these breaches anymore? Shock value died off years ago!

You care about it if your personal information gets to the bad guys who start opening credit card accounts in your name, yes.
Rating: 5 Votes
9 months ago

And they do that with my Facebook login and password how? Did i miss the screen where i input my SS# into Facebook's database?

You think those two things are all FB have on you? Oh my sweet summer child.
Rating: 5 Votes
9 months ago
I have no huge love for Facebook, but this article title is blatantly false. Facebook didn't expose millions of records on Amazon's cloud servers, one of their 3rd party partners did, and the article states that in the first line, so why is the title "Facebook Exposes Millions of Records on Amazon Cloud Servers"??

The article also craps on Facebook saying there's "apparently little oversight from Facebook", as if to imply that they'd somehow be able to stop these 3rd parties from mismanaging their data, but how could they possibly know what and where their data is being stored once it leaves their APIs? The company violated Facebook's T&C's, I'm not sure how they'd have the authority or ability to "audit" that.

EDIT: CNN's title for the same article is "Hundreds of millions of Facebook records exposed on Amazon cloud servers". That seems much more appropriate?
Rating: 5 Votes

[ Read All Comments ]