Over 540 million Facebook users’ data exposed on Amazon's cloud servers

Two different third-party developed Facebook app datasets that were uploaded to AWS servers have been exposed to public internet, revealed cybersecurity firm UpGuard. 


Personal information of more than 540 million Facebook users was exposed on Amazon servers, according to the findings of cybersecurity company UpGuard. 

In a blog post titled, Losing Face: Two More Cases of Third-Party Facebook App Data Exposure, UpGuard’s cyber risk team revealed that the exposed data sets belonged to two different app developers. “The UpGuard Cyber Risk team can now report that two more third-party developed Facebook app datasets have been found exposed to the public internet. One, originating from the Mexico-based media company Cultura Colectiva, weighs in at 146 gigabytes and contains over 540 million records detailing comments, likes, reactions, account names, FB IDs and more,” the blog mentioned. It is not yet clear how long the data had been exposed. 

Data leaks - The story that keeps writing itself 

This incident has once again raised questions about the security of Facebook data that is handled by third parties. It is similar to the Cambridge Analytica case, in which the political consulting firm obtained the personal information of 87 million users from an app developer. “These two situations speak to the inherent problem of mass information collection: the data doesn’t naturally go away, and a derelict storage location may or may not be given the attention it requires,” said UpGuard in the blog post. 

Related: Facebook could face multibillion-dollar fine over privacy failures

Data genie is out of the bottle 

The blog also pointed out that the data genie cannot be put back into the bottle. “Data about Facebook users has been spread far beyond the bounds of what Facebook can control today.”  

However, the blog also highlighted that it’s not just the social networking giant that should be held responsible for securing users’ data. The onus also lies with millions of app developers who have built on Facebook’s platform and have access to that data. 

UpGuard also explained it had contacted Amazon about one of the publicly available data sets in January, and Amazon had responded saying it had informed the owner of the bucket. However, that data set was only secured on Wednesday after the news agency Bloomberg contacted Facebook for comment on UpGuard’s findings.

Related: Facebook passwords for hundreds of millions of users were exposed to Facebook employees

Interestingly, this revelation comes soon after Facebook mentioned in a blog that it had stored passwords of hundreds of millions of users internally in a plain-text readable format.