Saltar al contenido

540 million Facebook records discovered on Amazon servers

noviembre 8, 2019

It was not Facebook that put the data in this place, they were collected by two third-party companies, which violated Facebook's policies by storing them publicly.

Two unprotected caches of Facebook user data, one of which has 540 million records, were recently discovered on Amazon's cloud servers, based on how much Affirmed by the UpGuard data breach monitoring company in a post published Wednesday 3 April. But the fact that there were so many user data and that it seems to have been quite easy to find, makes us wonder how many more Facebook user data are present in the Cloud and beyond the reach of Facebook.

540 million Facebook records discovered on Amazon servers

Due to the fact that Facebook is facing controls on its data management practices, it has made efforts to reduce third party access, states the UpGuard post, but as these flaws show, the genius of data cannot be pushed back into the bottle: data on Facebook users have spread far beyond the limits of what Facebook can now control.

To be clear, the 540 million records found in the largest of the two data sets do not translate into 540 million Facebook users. This data set was collected by a Mexican digital media company called Collective culture, which has a nice website, heavy and full of photos, both in Spanish and in English, dedicated to both Latin American and pop culture. a sort of hybrid between Mashable, Tumblr and BuzzFeed.Cultura Colectiva, which has been active since 2013, invites readers to share its stories on Facebook, Twitter, WhatsApp and Pinterest. His comment system uses the Facebook API. Anyone wishing to comment must log in to Facebook and stay connected.

It seems that the 540 million records can actually be an aggregate of all comments, likes, reactions, account names, Facebook IDs and more, as described by UpGuard, related to every comment ever made on any history of cultural culture However, this is about 146 gigabytes of material, according to UpGuard. It would be a rich collection of data on Facebook users to use for anyone interested, but it should not include Facebook passwords and does not offer any routes directly to Facebook accounts.

Sorry, the pool is closed

The other set of data was collected by a failed social media startup called At the Pool that it aimed to pool people who shared similar interests and who were geographically close to each other. At a certain point, At the Pool required authentication with Facebook.

The package of data on Amazon by The Pool found by UpGuard contained data on 22,000 Facebook users, including:

  • the Facebook user ID
  • i like it
  • friends
  • the photos
  • the groups
  • the interests

There were also plaintext passwords, but no Facebook passwords.

The passwords are presumably for the At the Pool app, rather than for the user's Facebook account, but they would put users who have reused the same password in the accounts at risk, observed the UpGuard blog.

After two years of activity, At the Pool gone bankrupt in 2014 and the data may have remained unsupervised on the Amazon Cloud for five years. Among other things, the data was removed from the Amazon server while the UpGuard researchers they started poking around and before there was a chance to alert someone.

I do not know if this is a coincidence, if there was a poor hosting period, or if a responsible party became aware of the exposure at that time, wrote UpGuard. Regardless of this, the application is no longer active and all signals indicate that the parent company has been closed.

Radio silence

The case of the Culture Culture data is different. UpGuard claimed to have spoken with Cultura Colectiva about the issue on January 10 and January 14, and communicated this to Amazon administrators on February 1 and February 21.

Nothing was done until the morning of 3 April 2019, after Facebook was contacted by Bloomberg for a comment on the matter.

540 million Facebook records discovered on Amazon servers: have they lost control?

These two stories have vaguely happy endings, because there is no evidence that anyone besides the UpGuard researchers was aware of both data sets, although of course we cannot know for sure.

The flip side of the coin is what these stories indicate that many and many companies, many of which you have never heard of, have links with users' content on Facebook. There are almost certainly tons of other Facebook data stored on Amazon's web servers. These two sets of data are simply what the UpGuard researchers have been able to find and it does not mean that there are no others.

So far, the amount of misused Facebook data we have learned including Cambridge Analytica and these two databases – they are probably just the tip of the iceberg.

The data shown in each of these sets would not exist without Facebook, but these data sets are no longer under Facebook's control, concluded the post of UpGuard.

The Facebook platform has facilitated the collection of data on people and their transfer to third partiesi, he added, the responsibility to protect (Facebook user data) is also found in millions of app developers who have built on its platform. "


Rate this post