Over 540m Facebook user records were left exposed on public servers

Two sets of user data taken by third parties have been found on Amazon servers

More than 540m Facebook user records were left exposed on public internet servers, according to cybersecurity researchers. File photograph: Dado Ruvic/Reuters
More than 540m Facebook user records were left exposed on public internet servers, according to cybersecurity researchers. File photograph: Dado Ruvic/Reuters

More than 540 million Facebook user records were left exposed on public internet servers, cybersecurity researchers said on Wednesday, in just the latest security black eye for the company.

Researchers for the firm UpGuard discovered two separate sets of Facebook user data on public Amazon cloud servers, the company detailed in a blogpost.

One dataset, linked to the Mexican media company Cultura Colectiva, contained more than 540 million records, including comments, likes, reactions, account names, Facebook IDs and more. The other set, linked to a defunct Facebook app called At the Pool, was significantly smaller, but contained plaintext passwords for 22,000 users.

The large dataset was secured Wednesday after Bloomberg, which first reported the leak, contacted Facebook. The smaller dataset was taken offline during UpGuard's investigation.

READ SOME MORE

The data exposure is not the result of a breach of Facebook’s systems. Rather, it is another example, akin to the Cambridge Analytica case, of Facebook allowing third parties to extract large amounts of user data without controls on how that data is then used or secured.

“The data exposed in each of these sets would not exist without Facebook, yet these datasets are no longer under Facebook’s control,” UpGuard wrote in its blogpost. “In each case, the Facebook platform facilitated the collection of data about individuals and its transfer to third parties, who became responsible for its security.” – Guardian