Published: Sat, April 06, 2019
Finance | By Kristine Clayton

Over 540 million Facebook user records leaked by third parties

Over 540 million Facebook user records leaked by third parties

Hundreds of millions of records on Facebook users were stored on public Amazon servers and available for anyone to download, a cybersecurity firm found.

Facebook used to allow developers access data about information of people using the app and their friends but they stopped this recently. Facebook has, in some cases, demanded some new users to disclose their email passwords, without any legitimate reason.

Security researchers claim to have discovered another data breach in the social media platform Facebook with more than 540 million user records affected - though the principle blame lies at the feet of third-party developers, rather than Facebook itself.

Since the Cambridge Analytica debacle past year, Facebook has been embroiled in data breaches, and despite its acclaimed concentration on measures to be taken, it comes as no surprise that we are reading about another such data leak again.

While Facebook is now trying to cover their angles saying that user privacy is one of their main goals, user data collected by third-party apps is already out there, stored in the cloud within databases that might or might not be protected adequately.

"It was not until the morning of April 3rd, 2019, after Facebook was contacted by Bloomberg for comment, that the database backup. was finally secured", the post said. UpGuard said it emailed Cultura Colectiva about the issue on January 10 and 14.

Facebook said last month it resolved a glitch that exposed passwords of millions of users stored in readable format within its internal systems to its employees. That database held about 540 million records from Facebook users, mostly in Mexico and Latin America, who subscribed to the Spanish-language news and culture app. "In this case, Facebook partnered with various organizations and transferred user data from Facebook users to those third parties". Everything from user names, Facebook IDs, likes, comments and reactions practically became public knowledge.

The security researchers then notified Amazon Web Services of the situation on 28th January, and AWS sent a response on 1 February saying that the bucket's owner was made aware of the exposure. It was unclear whether Cultura Colectiva accessed this data before 2015 or afterward, when Facebook put in place more stringent restrictions on developers.

As noted above, the "cc-datalake" storage bucket was the larger of two separate data exposures but the second could potentially be more impactful, although it was secured more quickly. The security team at UpGuard stated that they found two data breach incidents in different regions. Once the data is out of Facebook's hands, the developers can do whatever they want with it.

Like this: