Facebook has reportedly suffered yet another privacy hit: A new report claims that more than 540 million user records were exposed on a public database.
UpGuard cyber risk researchers say two third-party-developed Facebook app datasets were compromised of late. One, originating from the Mexico-based media company Cultura Colectiva, included private records that were posted on Amazon.com Inc’s cloud computing servers. The breach supposedly included comments, likes, reactions, account names, FB IDs, and more.
The second exposed database, from a Facebook-integrated app titled “At the Pool,” was also found online via an Amazon S3 bucket. This one contained usernames, friends, likes, favorite interests (movies, music, books, etc.), photos, events, check-ins, passwords, and more. In total, roughly 22,000 Facebook passwords were openly exposed “for an unknown period of time.”
The app known as “At the Pool” stopped operating in 2014, yet their the database was still publicly available.
“The data sets vary in when they were last updated, the data points present, and the number of unique individuals in each,” UpGuard wrote in a company blog post. “What ties them together is that they both contain data about Facebook users, describing their interests, relationships, and interactions, that were available to third party developers.”
The researchers explained that despite Facebook’s recent attempts to better restrict third-party access, these breaches show it’s often out of the company’s control. “The data genie cannot be put back in the bottle,” reads the post.
A Facebook spokesperson responded to the controversy in a statement to CNet Wednesday: “Facebook’s policies prohibit storing Facebook information in a public database. Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people’s data.”
Last month, a report claimed that millions of Facebook passwords were stored in plain sight. And this past September, the social media giant revealed a security breach that compromised the personal data of 50 million users.
Following numerous privacy-related scandals, Mark Zuckerberg released a 3,200-word Facebook privacy manifesto, which included six privacy principles around which the platform will be rebuilt over the next several years. As Fast Company reported, critics quickly doubted the company’s ability to follow through on its promises, especially when it comes to advertisers’ liberal access to user data.