540 million private Facebook records found on public Internet

Monday, April 8, 2019

According to a report on Wednesday by UpGuard, a cybersecurity firm, two databases containing user data from Facebook were found on Amazon.com web servers accessible to the public on the internet. Information leaked included user ID's, photos, Facebook friend and group lists, and interests.

Facebook's logo

One of the databases is owned by the Mexican company Cultura Colectiva, which specializes in digital media, while the other is owned by a separate Facebook-integrated app, At the Pool. In these two instances, the records were publicly available because the "Amazon S3 Buckets" on which the data were stored were misconfigured to allow public access instead of only private access. The original report was not entirely clear about this point, and Wikinews confirmed with UpGuard that the two incidents involved two separate Amazon S3 buckets.

UpGuard reportedly sent an email to Cultura Colectiva on January 10, and again on January 14, but received no response. On January 28, UpGuard reportedly emailed Amazon Web Services informing them of the situation, to which on February 1 Amazon Web Services acknowledged the bucket's owner had been informed. After the database had still not been secured, UpGuard reportedly emailed Amazon Web Services again on February 21, with Amazon Web services responding that they would investigate what else could be done about it. Reportedly, the Amazon S3 Buckets were only secured after Bloomberg contacted Facebook.

The Guardian drew comparisons between this case and the Cambridge Analytica scandal, in which over 50 million Facebook profiles were harvested for data without users' knowledge or consent.

Have an opinion on this story? Share it!

Sources

"Losing Face: Two More Cases of Third-Party Facebook App Data Exposure" — UpGuard, April 3 2019
Jason Silverstein. "Millions of Facebook user records were exposed on Amazon cloud server" — CBS News, April 3 2019
Julia Carrie Wong. "Hundreds of millions of Facebook records exposed on public servers – report" — The Guardian, April 3 2019

Wikinews

This article features first-hand journalism by Wikinews members. See the collaboration page for more details.

Wikinews

This article features first-hand journalism by Wikinews members. See the collaboration page for more details.

Share this:

This page is archived, and is no longer publicly editable.

Articles presented on Wikinews reflect the specific time at which they were written and published, and do not attempt to encompass events or knowledge which occur or become known after their publication.

Got a correction? Add the template {{editprotected}} to the talk page along with your corrections, and it will be brought to the attention of the administrators.

Please note that due to our archival policy, we will not alter or update the content of articles that are archived, but will only accept requests to make grammatical and formatting corrections.

Note that some listed sources or external links may no longer be available online due to age.

This page is archived, and is no longer publicly editable.

Articles presented on Wikinews reflect the specific time at which they were written and published, and do not attempt to encompass events or knowledge which occur or become known after their publication.

Got a correction? Add the template {{editprotected}} to the talk page along with your corrections, and it will be brought to the attention of the administrators.

Please note that due to our archival policy, we will not alter or update the content of articles that are archived, but will only accept requests to make grammatical and formatting corrections.

Note that some listed sources or external links may no longer be available online due to age.