Two large datasets were found on public servers yesterday, exposing hundreds of millions of Facebook records. The social network has launched an investigation to determine whether the data was used maliciously, after it was found to contain account names, Facebook IDs, comments, likes, reactions and, in a number of cases, passwords.
The larger of the two has been found to be connected to a media company called Cultura Colectiva and amounts to a staggering 146GB of data containing 540 million records, stored on public Amazon cloud servers. The second, according to research firm UpGuard, came from a now-defunct integrated app called At the Pool and affected just 22,000 users, but contained much more sensitive data, including plaintext passwords.
Much like the Cambridge Analytica controversy, the data was easily scraped by third-party companies and then left unsecured. It remains to be seen whether or not each company abused the data it scraped, but the way in which it was stored is already in breach of Facebook’s current policies.
“Facebook’s policies prohibit storing Facebook information in a public database,” explains a spokesperson. “Once alerted to the issue,” when Bloomberg initially broke the story, “we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people’s data.”
Although At the Pool shut its doors in 2014, its parent company has remained notoriously difficult to get in touch with thanks to a repeated 404 error on its website. Cultura Colectiva has similarly remained silent on the matter, refusing to answer emails that date back as far as January 10th.
KitGuru Says: This is sure to hinder CEO Mark Zuckerberg’s plans to transform Facebook into a privacy-focused platform, providing another nail in the coffin. Hopefully the social network notifies affected people soon, but it might be worth changing your password if you haven’t done so recently, or using a password manager like LastPass.