Home Technology Facebook app developers post millions of user records on cloud servers

Facebook app developers post millions of user records on cloud servers

2 min read

Another week, another Facebook data breach. Though it appears this time it is not Facebook itself that is directly responsible for the leak, but rather a separate app development company. However, it does still shine a light on exactly how much data Facebook shares with its various developers and the continued risk from the multitude of companies that may have access to that data.

According to the researchers from UpGuard, the larger of the two data sets came from a Mexican media company called Cultura Colectiva. A 146GB data set with information like Facebook user activity, account names, and IDs was found that included more than 540 million records, the researchers said. A similar data set was also found for an app called “At the Pool.” While smaller, the latter included especially personal information, including 22,000 passwords apparently used for the app, rather than directly for Facebook.

It’s not clear how long this data was publicly available or if anyone had previously obtained this data from the servers. According to the report, both data sets were found on Amazon cloud servers, and the data was removed soon after Facebook was contacted. Something the company reiterated in a separate statement:

Facebook’s policies prohibit storing Facebook information in a public database. Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people’s data.

While Facebook hadn’t exposed any user passwords or other confidential information to these app developers, it does show that they are sending this data in an unencrypted manner to these developers rather than making use of some sort of private key encryption to allow app developers to work with this data. While it might seem like something that is a bit of an overkill for what is essentially, mostly harmless data, it is still data that should never be exposed regardless. It’s also a poor showing from app developers who are perpetuating the problem. It shows that a lack of respect towards private data is an industry problem and not just something Facebook alone is at fault for.

There are still yet to be any major move by governments to legislate the use of consumer data, but with many governments working on it, expect to see new legislation coming out in the not too distant future.

Last Updated: April 4, 2019

One Comment

  1. Gr8_Balls_o_Fire

    April 4, 2019 at 17:29

    Or, you know, go back to normal life without social media poisoning your life.


Leave a Reply

Your email address will not be published. Required fields are marked *

Check Also

Facebook is adding VR ads to Oculus Quest apps, podcasts on its main hub

Facebook is bringing its elaborate advertising network to the Oculus platform while also a…