Another day, another Facebook screw-up. Millions of Facebook user records were found stored on publicly accessible Amazon cloud servers by researchers at UpGuard, a cybersecurity firm, reportsĀ Bloomberg. The data was stored there by third-party companies working with Facebook.
Just one example of improperly stored data are the 540 million records on Facebook users stored on Amazon’s servers by Mexico City-based digital platform Cultura Colectiva. The records included identification numbers, comments, reactions and account names.
The records were accessible and downloadable for anyone who could find them online. The database was closed on Wednesday after Facebook was alerted to the issue by Bloomberg, and Facebook contacted Amazon.
A long-defunct app called At the Pool stored names, passwords and email addresses for 22,000 people on Amazon servers. UpGuard isn’t sure how long that data was exposed, as the database became inaccessible while they were investigating.
While Facebook did not leak the data in question, it did provide said data to the third-parties that mishandled the information. It is well-known that Facebook for years has provided loads of customer information to advertisers and other partners, with little to no oversight.
While the company has cracked down on the amount of customer data it now shares, it is a case of closing the barn door after the horse has bolted. In other words, too little too late.
“The public doesn’t realize yet that these high-level systems administrators and developers, the people that are custodians of this data, they are being either risky or lazy or cutting corners,” said Chris Vickery, director of cyber risk research at UpGuard. “Not enough care is being put into the security side of big data.”
Facebook’s negligent data sharing habits were exposed during the Cambridge Analytica scandal, when that company wrongly used personal user data from Facebook to target political ads during the 2016 election.
Facebook says it has since modified its privacy policies and cut down on the access that third-party apps have to user data. Facebook has also reportedly suspended hundreds of apps and has begun extensive audits to ensure data is being handled properly.
A Facebook spokesperson toldĀ Bloomberg that the social network’s policies prohibit storing Facebook information in a public database. It should be noted that Facebook did work with Amazon to take down the databases following UpGuard’s discovery.
However, [fill in your deity’s name here] only knows what other Facebook screw-up is waiting in the shadows to bite the social network and its users in the butt in the future.