It is definitely not a good week for Facebook. Soon after the news of the tech giant being caught asking some of the users to share their email account passwords, comes another data breach news.
Around 540 million records of Facebook users have been found exposed on unprotected Amazon cloud servers. These datasets were collected and insecurely stored online by third-party Facebook app developers.
The security researchers at the cybersecurity firm UpGuard said that they have found two datasets—one from a Mexican media company named Cultura Colectiva and the second from a Facebook-integrated app called “At the pool.” Both these datasets were exposed to be publicly accessible on the Internet.
The data collected by Cultura Colectiva has a size of more than 146 GB and contains over 540 million Facebook user records, including comments, likes, reactions, account names, Facebook user IDs etc.
The second dataset belonging to the app “At the Pool” includes information about users’ friends, likes, groups, and checked-in locations, and also “names, plaintext passwords and email addresses for 22,000 people.
According to UpGuard researchers the plaintext passwords found in the database were for the At the Pool app and not the passwords of the Facebook accounts. But normally many people tend to use same passwords across different platforms and for multiple accounts. So, the leaked passwords could have been the password for their Facebook accounts as well.
Facebook has taken several steps to reduce third-party access. But from this data breach it is clear that the data about Facebook users, have been spread far beyond the control of the company.
The two datasets were stored in unsecured Amazon S3 buckets, which has been secured now and taken offline after Amazon was notified regarding the issue.
This is not the first-time third-party companies have misused Facebook data and sometimes leaked it to the public.
The most famous and worst incident was the Cambridge Analytica scandal in which the political data firm improperly gathered and misused data on 87 million users through a seemingly harmless quiz app. Facebook had faced a huge fine of £500,000 by the European Union.
Even after taking several steps to tighten their privacy controls, Facebook faces a lot of criticism for not doing enough to offer better privacy and security to its billion users.