Personal Facebook data was made publicly available on the internet, company admits
Hundreds of millions of records could be accessed by anyone
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Personal Facebook data was uploaded to be publicly accessible on the internet, the company has admitted.
Hundreds of millions of records which included people’s activity on the site had been stored on the internet in a way that allowed anyone to access them, cybersecurity firm UpGuard found.
In all, more than 540 million of the records, including account names, comments and likes, were publicly available on Amazon’s cloud servers after they were uploaded by two third-party apps.
It is just the latest time that Facebook has been accused of failing to protect the privacy of the billions of people who use its site to store their private data.
Facebook said it had taken down the databases once it was made aware of them.
“Facebook’s policies prohibit storing Facebook information in a public database,” a company spokesperson said in a statement.
“Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people’s data.”
The company confirmed it was continuing to investigate the incident.
The databases were from a Mexico-based media company called Cultura Colectiva and an app called At The Pool, the security researchers said.
The incident is the latest in a growing catalogue of data issues for the company, following widespread incidents of misinformation being spread on the network, breaches of user data and allegations of political manipulation.
In October last year, Facebook also revealed millions of email addresses, phone numbers and other pieces of personal user information were compromised during a security breach, affecting as many as 50 million accounts.
Last month, the company also admitted that millions of Facebook, Facebook Lite and some Instagram users had their passwords stored in plain text, leaving the accounts in question at risk.
Cybersecurity expert Ilia Kolochenko, chief executive of online security firm High-Tech Bridge, said Facebook’s problem was the amount of data it reportedly shared with third parties meant it was losing the ability to stop such leaks.
“The reported leak is actually not that dramatic: the 540-million-record database contains mostly publicly accessible data, while the second database with passwords in plain text contains just 22,000 records – a drop in the ocean of leaked credentials in 2018,” he said.
“The real problem is that most of the data – reportedly shared by Facebook with its partners – still remains somewhere, with numerous uncontrolled backups and unauthorised copies, some of which are being sold on the black market already.
“It is impossible to control this data, and users’ privacy is at huge risk. Even if they change their passwords, other data such as private messages, for example, or search history – will remain affixed somewhere and often in hands of unscrupulous third parties.”
Additional reporting by agencies
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments