Technology
Millions of Facebook user records left exposed online
Another day, another Facebook privacy scandal.
Hundreds of millions of Facebook user records — including some plain text passwords — were found exposed online free and open for the taking. So reports UpGuard, a cybersecurity risk assessment company, which notes in an April 3 press release that the two data sets in question were configured for public download. Yes, that means that anyone who knew where to look could have pulled it.
At the heart of the matter are two third-party app datasets stored on Amazon S3 buckets containing reams of Facebook users’ info. One such set, from Cultura Colectiva, reportedly had “540 million records detailing comments, likes, reactions, account names, FB IDs and more.”
According to UpGuard, the second dataset, from a third-party Facebook app titled At the Pool, “contained columns for fk_user_id, fb_user, fb_friends, fb_likes, fb_music, fb_films, fb_books, fb_photos, fb_events, fb_groups, fb+checkins, fb_interests, password, and more.”
In other words, presumably a list of users’ friends, likes, groups, and check-in locations — an incredibly revealing amount of data.
While stating that the passwords in the latter data set were “presumably for the ‘At the Pool’ app rather than for the user’s Facebook account,” the UpGuard press release goes on to add that it still “contains plaintext (i.e. unprotected) Facebook passwords for 22,000 users.”
You don’t reuse passwords across sites, do you?
Notably, this data is no longer in Facebook’s control. By allowing third-party apps to scrape Facebook users’ information (remember Cambridge Analytica?) the company essentially loses control of it. UpGuard said it notified Cultura Colectiva about the exposed data, starting with an email on Jan. 10 of this year, but has received no response from the company.
UpGuard writes that it was only when Bloomberg reached out Facebook on April 3 that the data was finally secured. The At The Pool data set, on the other hand, was miraculously pulled offline shortly after UpGuard discovered it. What nice timing.
We reached out to Facebook to determine if At The Pool did in fact have access to, and then expose, the Facebook passwords of 22,000 users. We also asked the company how it intends to prevent this kind of third-party app privacy failure in the future.
A Facebook spokesperson provided the following statement in response:
Facebook’s policies prohibit storing Facebook information in a public database. Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people’s data.
In other words, yeah, it’s as bad as it sounds.
-
Entertainment6 days ago
Earth’s mini moon could be a chunk of the big moon, scientists say
-
Entertainment7 days ago
The space station is leaking. Why it hasn’t imperiled the mission.
-
Entertainment5 days ago
‘Dune: Prophecy’ review: The Bene Gesserit shine in this sci-fi showstopper
-
Entertainment5 days ago
Black Friday 2024: The greatest early deals in Australia – live now
-
Entertainment4 days ago
How to watch ‘Smile 2’ at home: When is it streaming?
-
Entertainment3 days ago
‘Wicked’ review: Ariana Grande and Cynthia Erivo aspire to movie musical magic
-
Entertainment2 days ago
A24 is selling chocolate now. But what would their films actually taste like?
-
Entertainment3 days ago
New teen video-viewing guidelines: What you should know