This article was published on April 3, 2019

Facebook data leak (yeah, another one) allegedly exposes passwords, likes, etc

Facebook data leak (yeah, another one) allegedly exposes passwords, likes, etc Image by: COBE

Flip that board that says “It’s been _ days since we found a massive pile of unsecured Facebook data” right back to zero, and get ready to reset your passwords again just to be safe. Security researchers discovered hundreds of millions of records on publicly-accessible Amazon cloud servers — including names, passwords, comments, likes, and all the other stuff we should all just assume has already leaked at some point.

Cybersecurity firm Upguard released its findings earlier today. There are two data sets, originating from different sources, both stored in Amazon S3 buckets — no password protection on either one, naturally. They’ve since been taken down.

In this case, it’s not Facebook itself holding the leaky bucket. The data originated from third-party sources, namely a media company called Cultura Colectiva and an app titled “At the Pool.” The former is the larger of the two — according to Upguard, it includes 540 million records on user likes, comments, IDs and more. The latter apparently includes 22,000 Facebook passwords and email addresses.

Upguard apparently tried to contact Cultura Colectiva, with no response. Facebook was apparently only made aware of the issue yesterday, when contacted by Bloomberg, and the databases were down by this morning. A Facebook spokesperson told TNW, “Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people’s data.”

Why does that sound familiar? Oh yeah…

Facebook’s major defense post-Cambridge Analytica was that it was limiting third-party apps’ access to this very kind of data. But “At the pool,” which was last used in 2014, apparently predates that measure. Upguard warned Facebook’s previous privacy gaffes would continue to echo for all of us: “But as these exposures show, the data genie cannot be put back in the bottle.”

Also tagged with