Researchers from UpGuard found personal records of more than 540 million Facebook users unprotected on Amazon cloud servers.
The data was collected and stored on unprotected online cloud server by third-party app developers.
Researchers discovered two datasets. The first belongs to a Mexico-based media company Cultura Colectiva containing over 540 million records such as comments, likes, reactions, account names, FB IDs and more.
Another one belongs to a Facebook-integrated app titled “At the Pool” and contained information such as user’s friends, likes, events, groups, check-in locations and plaintext passwords of 22,000 users.
Even though passwords exposed were for the At the Pool app, users are advised to change their passwords if they used the same passwords for Facebook and other accounts.
“The data sets vary in when they were last updated, the data points present, and the number of unique individuals in each. What ties them together is that they both contain data about Facebook users, describing their interests, relationships, and interactions, that were available to third-party developers.”
Both datasets were stored in an unprotected Amazon S3 bucket configured to allow public download of files.
The data was secured after Facebook, Upgurard and Bloomberg notified Amazon about the issue.
“As Facebook faces scrutiny over its data stewardship practices, they have made efforts to reduce third-party access. But as these exposures show, the data genie cannot be put back in the bottle. Data about Facebook users has been spread far beyond the bounds of what Facebook can control today. “ said in the post published by UpGuard Researchers.
Earlier this week Facebook was also found asking newly signed up users to provide their passwords for their email to verify their account.
Last month Facebook also revealed to have mistakenly stored the passwords of hundreds of millions of Facebook and Instagram users in plaintext for years.
You may be interested in reading:New Zero-day flaw in Google Chrome Discovered Actively Exploited in the Wild