THE SOCIAL NETWORK Facebook has found itself embroiled in yet another privacy scandal after more than 540 million user records were found sitting on a public storage server.
Once again proving that Facebook has no control over the data it shares with third parties, security researchers at UpGuard uncovered two AWS servers storing over 540 million Facebook-related records that had been collected by two third-party app developers.
The majority of the records come from Mexican media company Cultura Colectiva, which had a 146GB dataset containing more than 540 million records, including information such as account names, IDs and Facebook activity.
The second dataset belongs to now-defunct app 'At The Pool', and while it holds a much smaller 22,000 records, these included sensitive data such as user passwords stored in plaintext.
"The passwords are presumably for the 'At the Pool' app rather than for the user's Facebook account but would put users at risk who have reused the same password across accounts," UpGuard quipped.
It's not clear how long the data sat on the leaky AWS servers, but UpGuard reveals that despite contacting both Cultura Colectiva and Amazon about the leak, the server was not taken down.
It was only after UpGuard notified a Bloomberg reporter of the issue, who in turn contacted Facebook, that Amazon intervened to take down the server.
"Data about Facebook users has been spread far beyond the bounds of what Facebook can control today," UpGuard said. "Combine that plenitude of personal data with storage technologies that are often misconfigured for public access, and the result is a long tail of data about Facebook users that continues to leak."
In response to the report, Facebook said its policies "prohibit storing Facebook information in a public database."
"Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people's data," the Facebook spokesperson added.
News of this privacy lapse comes just a day after it was revealed, courtesy of the Daily Beast, that Facebook is demanding that new users hand over the passwords for their personal email accounts in order to sign up to the social network.