Facebook user records found exposed on Amazon cloud service

But, it users have used the same passwords on both their Facebook accounts and the third-party "At the Pool" app, they are now at risk for someone to hack their accounts.

What's Facebook doing about it? But since Amazon has taken steps to address the issue, companies like Cultura should be aware, he said.

UpGuard said it sent two notification emails to Cultura Colectiva on January 10 and January 14 and never received a response.

The data, which is a total of 146 gigabytes in size belonged to Mexico-based media company Cultura Colectiva, the report adds. "Once alerted to the issue, we worked with Amazon to take down the databases".

Cultura Colectiva spokesman Daniel Peralta said in a statement that all the data provided to the company by Facebook was gathered from the fan pages the company manages as a publisher, which is "public, not sensitive, and available to all users who have access to Facebook".

How much data do these buckets contain?

Amazon did not immediately respond to requests for comment.

The data from At the Pool went offline before UpGuard reached out about it.

At the heart of the matter are two third-party app datasets stored on Amazon S3 buckets containing reams of Facebook users' info. But as these exposures show, the data genie can not be put back in the bottle, ' the company explains. "Data about Facebook users has been spread far beyond the bounds of what Facebook can control today".

Well, it's hard to say. In addition, you lose nothing in changing the password on a regular basis. As UpGuard says, the data genie can not be put back in the bottle.

According to UpGuard, all information found was collected by two applications, Collective Culture and At the Pool.

"The data exposed in each of these sets would not exist without Facebook, yet these data sets are no longer under Facebook's control", the UpGuard post says in conclusion.

Then in November 2017 UpGuard found "critical data" belonging to the USA army on virtual image of hard disk left on an AWS server, without password protection.

The exposure of Facebook's data also illustrated a hard reality: Once accessed or obtained, personal data can live forever.

The incident puts Facebook in a particularly bad position.

UpGuard argues that, while the two third-party developers are responsible for the breaches themselves, Facebook can not escape blame.

But when the researchers checked again on 21 February they discovered the data was still not secured, and an email was to Amazon Web Services.

Millions of Facebook user records have been "exposed to the internet" in what could be the latest Cambridge Analytica-style shambles for the social network, cyber security researchers have revealed.

Another day, another Facebook privacy scandal.

  • Anthony Vega