Although Facebook may be responsible for securing user data on its own site, what happens when third-party developers do not end this?
New research from UpGuard has discovered that this was precisely the case with regard to two data sets of Facebook apps developed by third parties that were found to be exposed to the public internet.
The first leak came from the Mexico-based media company Cultura Colectiva, which left 146 GB of data with more than 540 million records uncovered online.
- Facebook struck by the British government
- Facebook Shutters Onavo VPN app
- Facebook reaches fifteen – a grim reminder of the value of data
The information in the dataset contains account names, Facebook IDs, comments, likes, comments, and more, making it particularly attractive for cyber criminals who want to take over consumer accounts.
A Facebook-integrated app with the name "At the Pool" also appeared to have backed up its user data to the public internet via an Amazon S3 bucket.
After investigating the leak, UpGuard discovered that this database backup contained an abundance of Facebook user information as well as their passwords. Although the Cultura Colectiva dataset may be larger, the discovery At the Pool contains readable Facebook passwords for 22,000 users.
The Pool closed its doors in 2014 and even the website of its parent company is no longer available. This would help alleviate the fears of users whose names, passwords, email addresses, Facebook IDs and other details were visible online for an unknown period.
Both the Cultura Colectiva and At the Pool datasets are stored in their own Amazon S3 buckets that are configured so that their content can be downloaded publicly.
The discovery of UpGuard may not get as much attention as a data breach on Facebook, but it still sheds light on the problem of massive data collection whose social network has notoriously helped popularize.
- We have also marked the best VPN to help you protect your data on the go