wordpress blog stats
Connect with us

Hi, what are you looking for?

540 million Facebook records exposed via third-party apps; data included account names, likes, Facebook IDs and more

Over 540 million Facebook records were left exposed on the public internet via two third-party Facebook apps, reports cybersecurity firm UpGuard. The firm discovered two separate sets of Facebook user data on public Amazon cloud servers. One dataset linked to Mexico-based media company Cultura Colectiva contained over 540 million records including comments, likes, reactions, account names, Facebook IDs and more. Another linked to a defunct Facebook app called ‘At The Pool’, contained plaintext passwords for 22,000 users.

Both datasets contain data about Facebook users, describing their interests, relationships, and interactions. Although Facebook has made efforts to reduce its third-party access to data, especially after Cambridge Analytica, argues UpGuard, these exposures show that “the data genie cannot be put back in the bottle.” “The data exposed in each of these sets would not exist without Facebook,” explained UpGuard, “yet these data sets are no longer under Facebook’s control.”…”In each case, the Facebook platform facilitated the collection of data about individuals and its transfer to third parties, who became responsible for its security.”

Data about Facebook users has been spread far beyond the bounds of what Facebook can control today. Combine that plenitude of personal data with storage technologies that are often misconfigured for public access, and the result is a long tail of data about Facebook users that continues to leak.

Breach notice: UpGuard first notified Cultura Colectiva – a platform for posts about celebs and culture – of the breach on January 10, and once again on January 14, but has not received a response until today. The firm then contacted Amazon Web Services on January 28, and once again on February 21. AWS stated that they were looking into it. The database was eventually secured only on April 3 when Facebook was contacted by Bloomberg for comment. As for At The Pool, its exposed dataset was taken offline during UpGuard’s investigation.

Facebook said it was investigating the incident and did not know the nature of the data, how it was collected or why it was stored on public servers. The company said it will inform users if they find evidence that the data was misused.

Cambridge Analytica was a watershed for Facebook and privacy around the world. A personality quiz app was used to mine information of 87 million people on Facebook, and used to target them with political ads as potential voters. The fallout of this was that Facebook last year began cracking down on third party apps. It suspended 400 apps in August last year due to concerns around the developers who built them or how the information people chose to share with the app may have been used. This incident also shows that data safety issues have another dimension; that is when companies have switched to to cloud-computing services from Amazon, Microsoft, Google, and others, instead of running operations on their own data centers.

Advertisement. Scroll to continue reading.

Written By

I cover health, policy issues such as intermediary liability, data governance, internet shutdowns, and more. Hit me up for tips.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



The US and other countries' retreat from a laissez-faire approach to regulating markets presents India with a rare opportunity.


When news that Walmart would soon accept cryptocurrency turned out to be fake, it also became a teachable moment.


The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.


In this excerpt from the book, the authors focus on personal data and autocracies. One in particular – Russia.  Autocracies always prioritize information control...


By Jai Vipra, Senior Resident Fellow at Vidhi Centre for Legal Policy The use of new technology, including facial recognition technology (FRT) by police...

You May Also Like


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ