The data of at least 540 million Facebook users, and possibly more, was found to be publicly available through misconfigured Amazon Web Services (AWS) instances, security researchers from UpGuard have discovered. Most of the data was leaked through the Mexican media company Cultura Colectiva.
Cultura Colectiva's server exposed usernames, reactions and likes, according to Silicon Angle. The researchers also found a server for an app called At the Pool. That database contained details of 22,000 Facebook users, including passwords stored as plain text.
In both cases, the data stored on Amazon S3 instances was publicly accessible. Anyone who could find the databases online could view and download the data. Both databases have since been reconfigured so that they are no longer publicly accessible. However, the researchers point out that they had already contacted Cultura Colectiva and AWS in January, and that the database remained online until the story came out.
“The public is not yet aware that the people who keep these data – system administrators and high-level developers – are behaving in a risky way or are lazy or are thrashing things out,” Chris Vickery, director of UpGuard, told Bloomberg. “Not enough attention is paid to the security side of big data.”
Data shared by Facebook
The two organisations received all this data via Facebook itself. The social network shared such data with third-party developers for many years. Anyone who created an app on the platform could get information about the people who used the app and about the friends of those users.
This changed about a year ago, when it became known that Cambridge Analytica had obtained such data and used it to create public profiles.
However, UpGuard found a total of 100,000 publicly hosted databases on Amazon holding different types of data. The company suspects that some of these databases should not be public. So the problem may be bigger than just the two databases that have now been reported and closed.
Facebook's reaction
A Facebook spokesman told Bloomberg that storing information in a public database is against the social network's policy. Once the company was informed of the problem, it worked with Amazon to take the databases offline.
This news article was automatically translated from Dutch to give Techzine.eu a head start.