Researchers at the cybersecurity firm UpGuard on Wednesday said they’d discovered the existence of two datasets together containing the personal data of hundreds of millions of Facebook users. Both were left publicly accessible.
In a blog post, UpGuard connected one of the leaky databases to a Mexico-based media company called Cultura Colectiva. The data set reportedly contains over 146 GB of data, which amounts to over 540 million Facebook user records, including comments, likes, reactions, account names, Facebook user IDs, and more.
A second leak, UpGuard said, was connected to a Facebook-integrated app called “On the pool” and had exposed roughly 22,000 passwords. “The passwords are presumably for the ‘On the Pool’ app rather than for the user’s Facebook account, but would put users at risk who’ve reused the same password across accounts,” the firm said. The database also contained data on users’ friends, likes, groups, and locations where they’d checked in, said UpGuard.
Both datasets were stored in unsecured Amazon S3 buckets and could be accessed by virtually anyone. Neither was password protected. The buckets have since been secured or taken offline.
“The data sets vary in when they were last updated, the data points present, and the number of unique individuals in each,” UpGuard said. “What ties them together is that they both contain data about Facebook users, describing their interests, relationships, and interactions, that were available to third party developers.”
Added UpGuard: “As Facebook faces scrutiny over its data stewardship practices, they’ve made efforts to reduce third party access. But as these exposures show, the data genie cannot be put back in the bottle. Data about Facebook users has been spread far beyond the bounds of what Facebook can control today.”
Facebook didn’t immediately respond to Gizmodo’s request for comment.
This is a developing story. Check back for updates.
Update, 2:30pm: Facebook gave the following statement:
“Facebook’s policies prohibit storing Facebook information in a public database. Once alerted to the issue, we worked with Amazon to take down the databases. We’re committed to working with the developers on our platform to protect people’s data.”
Update, 3:40pm: Added text clarifying that the 22,000 passwords discovered by UpGuard belong to Facebook users, but may not grant access to actual Facebook accounts. UpGuard reported that, “presumably,” the passwords would grant access to the now-defunct app, though the researchers warned it “put users at risk who’ve reused the same password across accounts.”