Over 540 million Facebook records were left exposed on the public internet via two third-party Facebook apps, reports cybersecurity firm UpGuard. The firm discovered two separate sets of Facebook user data on public Amazon cloud servers. One dataset linked to Mexico-based media company Cultura Colectiva contained over 540 million records including comments, likes, reactions, account names, Facebook IDs and more. Another linked to a defunct Facebook app called 'At The Pool', contained plaintext passwords for 22,000 users. Both datasets contain data about Facebook users, describing their interests, relationships, and interactions. Although Facebook has made efforts to reduce its third-party access to data, especially after Cambridge Analytica, argues UpGuard, these exposures show that "the data genie cannot be put back in the bottle." "The data exposed in each of these sets would not exist without Facebook," explained UpGuard, "yet these data sets are no longer under Facebook’s control."..."In each case, the Facebook platform facilitated the collection of data about individuals and its transfer to third parties, who became responsible for its security." Data about Facebook users has been spread far beyond the bounds of what Facebook can control today. Combine that plenitude of personal data with storage technologies that are often misconfigured for public access, and the result is a long tail of data about Facebook users that continues to leak. Breach notice: UpGuard first notified Cultura Colectiva – a platform for posts about celebs and culture – of the breach on January 10, and once again on January 14, but has…
