Facebook users' data exposed for an unknown period of time on Amazon public servers: Report

In yet another blow to Facebook’s data privacy concerns, researchers have indicated that the Facebook app developers left hundreds of millions of user records visible to anyone on public cloud servers. [caption id=“attachment_5547491” align=“alignnone” width=“1024”] Representational image.[/caption] Australian cybersecurity startup company UpGuard has detailed that two third-party developed Facebook app datasets have been found exposed to the internet. The first one originates from a Mexico-based media company called Cultura Colectiva which had 146 GB dataset containing over 540 million records which detailed on things like reactions, comments, likes, IDs and more. The second dataset was from a Facebook-integrated app titled At the Pool which happened to be exposed to the public via an Amazon S3 bucket. An Amazon S3 bucket happens to be a public cloud storage resource available in Amazon Web Services’ (AWS). As of right now, the report has not made it clear how long the data was available for the public to view freely. A Facebook spokesperson said to The Verge, that “Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people’s data.” The report by UpGuard says “The data exposed in each of these sets would not exist without Facebook, yet these data sets are no longer under Facebook’s control. In each case, the Facebook platform facilitated the collection of data about individuals and its transfer to third parties, who became responsible for its security.” It is not clear also if the data was misused by any party as we had seen in the Cambridge Analytica data breach scandal. Although it appears that the data was made available by mistake, it still raises troubling questions about Facebook’s data privacy policy which states that storing data on a public server is banned.