IN LATEST FACEBOOK DATA EXPOSURE, HISTORY REPEATS ITSELF
RESEARCHERS AT THE cybersecurity firm UpGuard have discovered two troves of unprotected Facebook user data sitting on Amazon’s servers, exposing hundreds of millions of records about users, including their names, passwords, comments, interests, and likes. The data sets had been uploaded to Amazon’s cloud system by two different Facebook app developers.
This is just the latest evidence that when Facebook shares data with third parties, it really has no control over where that data ends up or how securely it’s stored. That became abundantly clear last year with the Cambridge Analytica scandal when one University of Cambridge academic was able to collect tens of millions of Facebook users’ data without their knowledge, using a personality profiling quiz app. After that story made headlines, Facebook vowed to crack down on data access and to audit app developers that have ever had access to mass quantities of data. But UpGuard’s findings illustrate the limits of Facebook’s control over information it’s already given away. As the researchers put it in a blog post, “the data genie cannot be put back in the bottle.”
According to UpGuard, one of the exposed databases belonged to a Mexican company called Cultura Colectiva, which used Amazon cloud services to store some 146 gigabytes of data, including 540 million different records. UpGuard alerted the company of the exposure in early January but received no response. By the end of January, the researchers alerted Amazon, which, in turn, alerted Cultura Colectiva again. But the database wasn’t secured until Wednesday, UpGuard reports, after Bloomberg contacted Facebook about it.