Facebook user records exposed again! In yet another data breach that’s hit the social media giants, data for millions of users has been found on a publicly-accessible Amazon server.
This is one in a growing line of recent Facebook data breach incidents that has plagued the tech giants in recent years. This appears to be another case of third-party developers being responsible for the incident as well. It’s understood that the leaks involve Cultura Colectiva, a media firm, and an app named At The Pool.
Some of the data that has been exposed in this leak is worrying. It’s yet another warning about the dangers of sharing Facebook account information via apps and plugins. Facebook themselves cannot avoid responsibility for these incidents either.
Facebook user records exposed in massive online leak
A wealth of Facebook user records exposed on a publicly-accessible Amazon cloud server has raised further questions about the protections offered to people with profiles on the social media platform.
It’s understood that the data for hundreds of millions of users has been found by cybersecurity researchers at Upguard.
Data that has been exposed in the data breach includes:
- Names;
- Facebook identification numbers;
- Email addresses;
- Comments;
- “Likes”;
- Friend lists;
- Photographs;
- Location information;
- Passwords (some 22,000 passwords were reportedly found!)
The exposure of this kind of information can make the victims easy pickings for cybercriminals. Facebook has tried to improve its public image recently following a spate of recent data breach incidents, and the massive Cambridge Analytica scandal.
They also reportedly scrubbed access to a lot of apps after reviews of how secure certain apps may be. This latest exposure suggests that further scrutiny may be required.
What’s being done about the Facebook user records exposed
The database of Facebook user records exposed on the cloud server has reportedly been taken down. Facebook themselves have stated that their polices “prohibit storing Facebook information in a public database”.
It’s also understood that the databases for both Cultura and At The Pool have been taken down as well. That being said, it’s also understood that the issue had been identified some months ago, and it’s taken a long time for the issue to be resolved. It can’t be ruled out that cybercriminals have already had sight of the data that was exposed in the breach, and victims may already be at risk.
The UK’s data watchdog – the Information Commissioner’s Office – may want to investigate this matter as well. If there are victims here in the UK, a huger GDPR fine could be issues over the breach. If one is issued, it could be one in a long line.