April 5, 2019
Cybersecurity firm UpGuard has discovered that Facebook user data has been publicly available on Amazon cloud services. UpGuard was unable to determine how long the personal data was vulnerable, but Mexico-based Cultura Colectiva, for example, stored account names, identification numbers, comments and reactions in 540 million records of Facebook users, which anyone could access and download. The discovery makes it clear that Facebook user data is still insecure, even after the Cambridge Analytica scandal.
Bloomberg reports that it alerted Facebook, which worked with Amazon to shut down the database. For that reason, UpGuard was unable to determine how long the data had been in the open. The company also discovered a database for the “long-defunct app” At the Pool, which provided 22,000 people’s names, passwords and email addresses.
According to Bloomberg, “the problem of accidental public storage could be more extensive than those two instances,” especially since UpGuard found “100,000 open Amazon-hosted databases for various types of data, some of which it expects aren’t supposed to be public.”
“The public doesn’t realize yet that these high-level systems administrators and developers, the people that are custodians of this data, they are being either risky or lazy or cutting corners,” said UpGuard director of cyber risk research Chris Vickery. “Not enough care is being put into the security side of big data.”
Cultura Colectiva, a digital platform for a Latin American audience, states it has “more than 45 million followers on Facebook, Instagram, Twitter, YouTube and Pinterest.” The Facebook data left that company’s control because of its policy to allow app developers on its site to “obtain information on the people using the app, and those users’ friends.”
But that policy allowed a developer to hand over data “tens of millions of people to Cambridge Analytica.” As a result of that scandal, Facebook began to audit “thousands of apps and suspended hundreds until they could make sure they weren’t mishandling user data.” The company now rewards those who discover such problems with third-party apps. Facebook stated that its policies “prohibit storing Facebook information in a public database.”