Facebook has been dropping the ball lately, big time.
Another day, another Facebook public-relations disaster. In this dataset, there are email IDs and passwords of almost 22,000 Facebook users stored. The company said it will inform users if they find evidence that the data was misused. But as these exposures show, the data genie can not be put back in the bottle.
While the datasets came from third parties, the discovery will still shine a light on how Facebook allows these firms to access user data and the way it is stored.
UpGuard writes that it was only when Bloomberg reached out to Facebook on April 3 that the data was finally secured. The data from those 540 million accounts remained available from early this year until just a few days ago when Facebook intervened with Amazon and had the database secured.
Researchers for the firm UpGuard discovered two separate sets of Facebook user data on public Amazon cloud servers, the company detailed in a blogpost.
A Facebook start page is shown on a smartphone in Surfside Fla. on Aug. 21 2018
On the other hand, when something like this happens, it is House Zuck that ends up catching the heat, even though Facebook's own staff had nothing to do with the exposure itself.
"The public doesn't realize yet that these high-level systems administrators and developers, the people that are custodians of this data, they are being either risky or lazy or cutting corners", said Chris Vickery, director of cyber risk research at UpGuard.
In other words, presumably a list of users' friends, likes, groups, and check-in locations - an incredibly revealing amount of data.
"The real problem is that most of the data - reportedly shared by Facebook with its partners - still remains somewhere, with numerous uncontrolled backups and unauthorised copies, some of which are being sold on the black market already". Once it was alerted to the issue, Facebook worked with Amazon to take down the databases, the spokesperson said, adding that Facebook is committed to working with the developers on its platform to protect people's data. UpGuard said they told Cultura Colectiva about the uprotected stash on January 10 and January 14, and told Amazon server admins on February 1 and February 21.
It kept, in plaintext, passwords for 22,000 users.
On the downside, what these tales indicate is that lots and lots of companies, most of which you've never heard of, have hooks into Facebook user content.