Third-party errors left over 540 million Facebook records exposed

Data sharing is only as secure as the weakest link in the chain.

Sponsored Links

Johannes Berg/Bloomberg via Getty Images
Johannes Berg/Bloomberg via Getty Images

Facebook is embroiled in another privacy scandal, although this time it's not of the company's direct making. UpGuard researchers have discovered over 540 million Facebook interaction records left exposed by third parties using Amazon's cloud services. Nearly all of them come from Mexican media company Cultura Colectiva, which recorded account names, comments, Facebook IDs and likes, among other details. Another exposure comes from At the Pool, a long-defunct app that left 22,000 passwords unprotected in addition to other sensitive details.

UpGuard didn't have much success getting Amazon to take down the content. It first emailed Cultura Colectiva on January 10th, and Amazon on January 28th. Cultura's data trove wasn't taken down until April 3rd, when Bloomberg reached out to Facebook for a comment. At the Pool's data vanished before a notification email could be sent.

In its response, Facebook said that the company's policies prevented storing data in public databases, and that it worked with Amazon to remove the material.

There's only so much Facebook could have done to keep a lid on the data without storing it internally, and that might have been tricky when Cultura had 146GB of records by itself. However, this does underscore a growing problem for Facebook and other data-centric tech companies: user information is only as secure as the least secure part of the chain. And in some cases, those partners make basic mistakes like leaving data publicly accessible. You might not see improvements on this front until every company is just as diligent at locking down data, not just the original providers.

Turn on browser notifications to receive breaking news alerts from Engadget
You can disable notifications at any time in your settings menu.
Not now

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at the time of publishing.
View All Comments
Third-party errors left over 540 million Facebook records exposed