Once again, Facebook is accused of exposing millions of users data in public, which is easily accessed by anyone. In a new privacy breach, 540 million plus records of Facebook data including likes, accounts names, comments, and FB IDs were seen exposed on Amazon’s Cloud servers, cybersecurity firm UpGuard Cyber Risk reported.
Mexico-based media company Cultura Colectiva is said to have data which is approximately 146 gigabytes.
Data collected from a distinct third-party app called “At the pool” which is embedded with Facebook, was too left unexposed on Amazon’s servers. A password of near to 22,000 users is stored in plain text, this kind of data is extracted.
Though the company finds the passwords are not of Facebook, but “At the pool” account of users. People who tend to use similar passwords across their different social media accounts may higher chance to get exposed. The app has shut its operations in 2014.
It is still uncertain for how much time the personal data of Facebook users which is inclusive of Facebook passwords, likes, IDs, email addresses, relationships, interests, etc. were readily available for third-party developers.
If the data was misused in some way is also unknown at this point.
A Facebook spokesperson, however, told Wired in a statement that the databases have been removed from Amazon’s servers and the company “is continuing to assess the extent of the information that was available and how people might have been impacted.”
“Facebook’s policies prohibit storing Facebook information in a public database. Once alerted to the issue, we worked with Amazon to take down the databases,” a Facebook spokesperson told Wired.
The recent breach of the Cambridge Analytica data scandal where personal data of millions of users were collected by the company through a quiz app on Facebook was utilized to manipulate voters in the 2016 US elections and other campaigns.
As Facebook got accused, it assured us to put limits on the quantity of data third-party apps can access. And improve security measures by evidently listing out for customers the consents obligatory by each app.
However, it seems as if Facebook does not have command over the way third parties utilize the data. As these apps were detected to be uploaded on public servers, open to anyone and anytime who could have had access. This sort of incident is not new, it occurred earlier too.
Facebook passwords of nearly 600 million users were saved on the company’s servers just in the form of plain text. According to a KrebsonSecurity report, which quotes a senior Facebook employee. These passwords were readily searchable by more than 20,000 Facebook employees.
Facebook lodged the issue and affirmed of the required actions have already been taken. The company will be highlighting everyone whose passwords have been saved in plain text.