UpGuard Discovers Millions of Facebook Users’ Data on Insecure Third-Party Servers
UpGuard, a platform focused on helping vendor management teams mitigate cyber risks, has released a report on April 3, 2019, revealing how it found millions of Facebook users’ personal information on two insecure third-party servers exposed to the public Internet.
Facebook Still Leaking Peoples’ Data
The UpGuard Cyber Risk team has revealed that it has found hundreds of millions of Facebook Users’ personal information on the public storage servers of two third-party firms.
According to researchers at UpGuard, more than 540 million records of Facebook users’ personal information including account names, Facebook IDs, comments, likes, reactions and more, were found on the insecure public server of Cultura Colectiva, a Mexican digital media publisher.
Another massive backup exposed to the public Internet via an Amazon S3 storage service was also reportedly found on a Facebook-integrated app known as “At the Pool.”
Interestingly, the “At the Pool” database backup contained vital information of 22,000 Facebook users such as user IDs, friend lists, photos, likes, uploaded movies, books, interests, passwords and more.
UpGuard notes that while the passwords may be for the “At the Pool” app rather than for users’ Facebook account, it could still expose users who use the same password on multiple platforms on the Internet to various risks.
UpGuard further stated that though the “At the Pool” platform ceased operating in 2014, and its parent company may have also stopped functioning entirely, users of the service are still very much at risk, since their data have been available on the Internet for an unknown period without their consent.
“The data sets show varying details in terms of when they were last updated, the data points available, and the number of unique individuals in each. However, what ties them together is that they both contain essential data about Facebook users, describing their interests, relationships and interactions and these details were all available to third-party developers.”
Facebook not Doing Enough
Though Facebook claims that it has now removed relevant user data contained on those public servers and that “neither sensitive nor private data were leaked,” this latest incident goes a long way to show there is a need for the social media giant to up its data storage game to prevent ugly occurrences like the Cambridge Analytica scandal of 2018, as well as previous glitches from happening again.
It’s worth noting that Mark Zuckerberg and his Facebook team are not oblivious to the capabilities of blockchain technology and Facebook is seriously looking to adopt the groundbreaking tech.
Earlier in February 2019, BTCManager reported that Facebook had started exploring the use of distributed ledger technology for data authorization purposes.