Researchers at the cybersecurity firm UpGuard announced Wednesday they found hundreds of millions of records, including comments, likes, reactions and account names, exposed to the public on Amazon servers. It's unclear exactly how many users were affected.
In one case, the Mexico-based media company Cultura Colectiva openly stored 540 million records detailing comments, likes, reactions, account names, Facebook IDs and more. Bloomberg reported that database was closed Wednesday after it alerted Facebook.
In the other incident, researchers found a database of information for a now-defunct app called “At the Pool.” While this database isn’t as large as the Cultura Colectiva collection, it contains the passwords of 22,000 Facebook users.
Each set of data was stored in an Amazon S3 bucket, which allows public download of files, UpGuard said.
“These two situations speak to the inherent problem of mass information collection: the data doesn’t naturally go away, and a derelict storage location may or may not be given the attention it requires,” UpGuard said in a statement.
A Facebook spokesperson released the following statement on the matter to CNN Business:
“Facebook's policies prohibit storing Facebook information in a public database. Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people's data."
About the Author