Millions of Facebook Records Exposed on Amazon Cloud Servers

[MacRumors]

Millions of Facebook records were found on publicly accessible Amazon's cloud servers by researchers at UpGuard, a cybersecurity firm, reports Bloomberg. The data was uploaded by third-party companies that work with Facebook.

Mexico City-based media company Cultura Colectiva, for example, was storing 540 million records on Facebook users on Amazon's servers, offering up information that included identification numbers, comments, reactions, and account names.

A now-defunct app called At the Pool shared sensitive data like names and email addresses for 22,000 Facebook users.

Facebook did not leak this data, but it did provide the data to the third-party companies that went on to improperly store it with no oversight from Facebook. For years, Facebook provided extensive customer information to advertisers and partners, and while the company has since cracked down on the amount of data it shares, the previously obtained information is still widely available.

"The public doesn't realize yet that these high-level systems administrators and developers, the people that are custodians of this data, they are being either risky or lazy or cutting corners," said Chris Vickery, director of cyber risk research at UpGuard. "Not enough care is being put into the security side of big data."

Facebook's prior data sharing habits allowed any app on the site to obtain information from the people using the app and their friends in many cases, which led to the scandal that saw Cambridge Analytica illicitly using personal data acquired from Facebook to create targeted political advertisements in the 2016 election.

Facebook has since modified its privacy policies and has cut down on the access that apps have. Facebook has also suspended hundreds of apps and began audits to make sure data isn't being mishandled.

In response to the public Facebook data found by UpGuard, a Facebook spokesperson told Bloomberg that its policies prohibit the storing of Facebook information in a public database, though there is apparently little oversight from Facebook. Facebook did work with Amazon to take down the databases that were sharing data publicly after UpGuard's discovery.

Article Link: Millions of Facebook Records Exposed on Amazon Cloud Servers

 

[cmaier]

Another day, another facebook data scandal.

 

[JustinM80]

I found myself all over the internet right after the election. I had to place fraud alerts on my credit report and I had to go to court because some scammer racked up $40k in credit cards that I never even applied for. Crap like this happens all the time and there’s little a person can do about it.

 

[esk]

this site should be renamed to apple/facebook fails

 

[sw1tcher]

Millions of Facebook records were found on publicly accessible Amazon's cloud servers by researchers at UpGuard, a cybersecurity firm, reports Bloomberg.

Are we back to trusting what Bloomberg reports now?

#Supermicro

 

[benshive]

Just when you think Facebook has hit rock bottom they somehow manage to dive off of another cliff

 

[cppguy]

Everything you post on facebook is public. There's no such thing as a private post, period. You have to treat facebook like that.

 

[thadoggfather]

Can we tag all facebook news: Weekly Dumpster Fire Download?

 

[jimmirehman]

does anyone even care abut these breaches anymore? Shock value died off years ago!

 

[cmaier]

does anyone even care abut these breaches anymore? Shock value died off years ago!

You care about it if your personal information gets to the bad guys who start opening credit card accounts in your name, yes.

 

[jsmith189]

I use Facebook with a complete understanding that any and everything on there is being sold and likely improperly used. Instagram too. That's why I don't link credit cards and FB has its own individual password. Having said that, I know apps share their data too, so FB probably have it all anyway.

Zuck is the literal devil.

 

[jimmirehman]

You care about it if your personal information gets to the bad guys who start opening credit card accounts in your name, yes.

And they do that with my Facebook login and password how? Did i miss the screen where i input my SS# into Facebook's database?

 

[jsmith189]

And they do that with my Facebook login and password how? Did i miss the screen where i input my SS# into Facebook's database?

You think those two things are all FB have on you? Oh my sweet summer child.

 

[ChrisMoBro]

I found myself all over the internet right after the election. I had to place fraud alerts on my credit report and I had to go to court because some scammer racked up $40k in credit cards that I never even applied for. Crap like this happens all the time and there’s little a person can do about it.

Bloody hell, that’s awful! Hope it’s all sorted now.

 

[talisto]

I have no huge love for Facebook, but this article title is blatantly false. Facebook didn't expose millions of records on Amazon's cloud servers, one of their 3rd party partners did, and the article states that in the first line, so why is the title "Facebook Exposes Millions of Records on Amazon Cloud Servers"??

The article also craps on Facebook saying there's "apparently little oversight from Facebook", as if to imply that they'd somehow be able to stop these 3rd parties from mismanaging their data, but how could they possibly know what and where their data is being stored once it leaves their APIs? The company violated Facebook's T&C's, I'm not sure how they'd have the authority or ability to "audit" that.

EDIT: CNN's title for the same article is "Hundreds of millions of Facebook records exposed on Amazon cloud servers". That seems much more appropriate?

 

[TrentS]

Maybe Zucker should do some time in the clink!

 

[cmaier]

And they do that with my Facebook login and password how? Did i miss the screen where i input my SS# into Facebook's database?

This is app data. If you have participate in memes you have likely given up information like birthdate’s, answers to common financial website security questions (“your porn name is your first pets name combines with the street you grew up on”), etc.

 

[7thson]

Facebook is a dumpster fire, la la la la la.

 

[ricktat]

Great.. now I have to find a new way to share my recipes. Maybe Google+?

 

[omihek]

FacebookRumors daily update: They done messed up.

 

[tbayrgs]

Completely deleting my accounts from all Facebook properties over the past 12 months is easily the best tech move I've made recently. Right behind that kicking Amazon to the curb and starting my move away from Apple's ecosystem.

 

[keifer123]

I don't know if deleting your account from Facebook will help you not become a victim. I read it somewhere that Facebook retains your information on their servers.

Completely deleting my accounts from all Facebook properties over the past 12 months is easily the best tech move I've made recently. Right behind that is starting my move away from Apple's ecosystem.

 

[omihek]

Are we back to trusting what Bloomberg reports now?

#Supermicro

Only when they're exposing someone other than Apple.

 

[tbayrgs]

I don't know if deleting your account from Facebook will help you not become a victim. I read it somewhere that Facebook retains your information on their servers.

Well then that's one more thing they're lying about doing...

Point is that I'm not giving them any additional opportunities to violate my privacy.

 

[ozarkcanoer]

Millions of Facebook records were found on publicly accessible Amazon's cloud servers by researchers at UpGuard, a cybersecurity firm, reports Bloomberg. The data was uploaded by third-party companies that work with Facebook.

Mexico City-based media company Cultura Colectiva, for example, was storing 540 million records on Facebook users on Amazon's servers, offering up information that included identification numbers, comments, reactions, and account names.

A now-defunct app called At the Pool shared names, passwords, and email addresses for 22,000 Facebook users.

Facebook did not leak this data, but it did provide the data to the third-party companies that went on to improperly store it with no oversight from Facebook. For years, Facebook provided extensive customer information to advertisers and partners, and while the company has since cracked down on the amount of data it shares, the previously obtained information is still widely available.Facebook's prior data sharing habits allowed any app on the site to obtain information from the people using the app and their friends in many cases, which led to the scandal that saw Cambridge Analytica illicitly using personal data acquired from Facebook to create targeted political advertisements in the 2016 election.

Facebook has since modified its privacy policies and has cut down on the access that apps have. Facebook has also suspended hundreds of apps and began audits to make sure data isn't being mishandled.

In response to the public Facebook data found by UpGuard, a Facebook spokesperson told Bloomberg that its policies prohibit the storing of Facebook information in a public database, though there is apparently little oversight from Facebook. Facebook did work with Amazon to take down the databases that were sharing data publicly after UpGuard's discovery.

Article Link: Facebook Exposes Millions of Records on Amazon Cloud Servers

We are Facebook's product. It's behavior is what we should expect. So keep information you put on and save to Facebook to the minimum. Your photos, activities, likes, dislikes may (will?) become known to bad actors.