Facebook removes exposed user records stored on Amazon's servers

Troy Powers
April 6, 2019

Researchers from the cybersecurity firm UpGuard recently discovered that Facebook user account information was exposed on Amazon cloud servers.

Social media platforms like Facebook are about trust; if users don't feel they can use them safely, we're going to see more people leave the platform.

Although smaller, that data set contained passwords for 22,000 Facebook users in clear text.

The new finding is the latest to highlight Facebook's struggle to protect the data collected from its more than 2 billion users.

Facebook has been hit by a number of privacy-related issues, with the latest being a glitch that exposed passwords of millions of users stored in readable format within its internal systems to its employees. Last year, Facebook founder and CEO Mark Zuckerberg testified in front of Congress after it was revealed that tens of millions of users' data was shared with Cambridge Analytica, a political consulting firm that worked on behalf of President Donald Trump during the presidential campaign.

The revelations - first reported by Bloomberg - added to Facebook's mounting privacy woes, which have triggered numerous investigations around the globe.

While investigating exposed AWS servers, UpGuard also uncovered a separate database that held Facebook user information, including user IDs and people's personal interests.

The second database, belonging to the defunct app At The Pool, isn't as large, but its destructive potential cannot be neglected. "As Facebook faces scrutiny over its data stewardship practices, they have made efforts to reduce third party access."

The incident puts Facebook in a particularly bad position. "Not enough security is being put into the security side of big data", Chris Vickery, director of cyber risk research at UpGuard, said. Facebook also limited apps with Facebook Login access from requesting any info beyond a user's name, profile picture, and email address without an official app review.

There's no indication of how long the data was exposed, or if anyone downloaded it. UpGuard notified Cultura Colectiva twice about the exposed database in January, but the company never responded.

One thing worth noting is that the At The Pool app was pulled back in 2014, yet its users' data was still lingering on the internet for malicious attackers to misuse. When UpGuard didn't receive a response, it emailed Amazon Web Services (AWS) on January 28 and then again on February 21, as the data remained accessible. Cultura Colectiva's website says it creates content through data and technology and has more than 45 million followers on Facebook, Instagram, Twitter, YouTube and Pinterest.

Even though that once-public data is now properly secured, this isn't a good look for Facebook.