Technology
Millions of Facebook user records left exposed online
Another day, another Facebook privacy scandal.
Hundreds of millions of Facebook user records — including some plain text passwords — were found exposed online free and open for the taking. So reports UpGuard, a cybersecurity risk assessment company, which notes in an April 3 press release that the two data sets in question were configured for public download. Yes, that means that anyone who knew where to look could have pulled it.
At the heart of the matter are two third-party app datasets stored on Amazon S3 buckets containing reams of Facebook users’ info. One such set, from Cultura Colectiva, reportedly had “540 million records detailing comments, likes, reactions, account names, FB IDs and more.”
According to UpGuard, the second dataset, from a third-party Facebook app titled At the Pool, “contained columns for fk_user_id, fb_user, fb_friends, fb_likes, fb_music, fb_films, fb_books, fb_photos, fb_events, fb_groups, fb+checkins, fb_interests, password, and more.”
In other words, presumably a list of users’ friends, likes, groups, and check-in locations — an incredibly revealing amount of data.
While stating that the passwords in the latter data set were “presumably for the ‘At the Pool’ app rather than for the user’s Facebook account,” the UpGuard press release goes on to add that it still “contains plaintext (i.e. unprotected) Facebook passwords for 22,000 users.”
You don’t reuse passwords across sites, do you?
Notably, this data is no longer in Facebook’s control. By allowing third-party apps to scrape Facebook users’ information (remember Cambridge Analytica?) the company essentially loses control of it. UpGuard said it notified Cultura Colectiva about the exposed data, starting with an email on Jan. 10 of this year, but has received no response from the company.
UpGuard writes that it was only when Bloomberg reached out Facebook on April 3 that the data was finally secured. The At The Pool data set, on the other hand, was miraculously pulled offline shortly after UpGuard discovered it. What nice timing.
We reached out to Facebook to determine if At The Pool did in fact have access to, and then expose, the Facebook passwords of 22,000 users. We also asked the company how it intends to prevent this kind of third-party app privacy failure in the future.
A Facebook spokesperson provided the following statement in response:
Facebook’s policies prohibit storing Facebook information in a public database. Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people’s data.
In other words, yeah, it’s as bad as it sounds.
-
Entertainment7 days ago
OpenAI’s plan to make ChatGPT the ‘everything app’ has never been more clear
-
Entertainment6 days ago
‘The Last Showgirl’ review: Pamela Anderson leads a shattering ensemble as an aging burlesque entertainer
-
Entertainment7 days ago
How to watch NFL Christmas Gameday and Beyoncé halftime
-
Entertainment5 days ago
Polyamorous influencer breakups: What happens when hypervisible relationships end
-
Entertainment5 days ago
‘The Room Next Door’ review: Tilda Swinton and Julianne Moore are magnificent
-
Entertainment4 days ago
‘The Wild Robot’ and ‘Flow’ are quietly revolutionary climate change films
-
Entertainment4 days ago
Mars is littered with junk. Historians want to save it.
-
Entertainment4 days ago
CES 2025 preview: What to expect