Another Day, Another Massive Facebook Data Leak

At this point it seems kind of rote, but we may as well tell you: there’s been another massive exposure of Facebook data. Up to 540 million accounts have been affected, which raises the very solid possibility that yours is one of them.

Security firm UpGuard, which frequently reports on the poor data practices of large tech companies, identified the leak and published a blog post detailing its findings:

“The UpGuard Cyber Risk team can now report that two more third-party developed Facebook app datasets have been found exposed to the public internet. One, originating from the Mexico-based media company Cultura Colectiva, weighs in at 146 gigabytes and contains over 540 million records detailing comments, likes, reactions, account names, FB IDs and more. This same type of collection, in similarly concentrated form, has been cause for concern in the recent past, given the potential uses of such data.”

As with the infamous Cambridge Analytica scandal, this isn’t a case of Facebook itself being compromised. Instead, it’s about Facebook historically being very willing to hand out data to companies which then do very little to keep the information safe.

A second, smaller leak was also identified, related to a Facebook app named ‘At the Pool’. Despite lacking the scale of the Cultura Colectiva leak, it involved the exposure of 22,000 passwords in plaintext, which would obviously be bad if those affected used those passwords for anything else.

The datasets have now been taken offline from the Amazon servers on which they were stored, but they were completely accessible to anyone while they were online.

Facebook has sought to address its previous problems with easy data access from compromised third-party sources, but it’s inevitable that it will keep running into problems with the data it handed out in the first place.

Facebook has given a statement about the leak:

“Facebook’s policies prohibit storing Facebook information in a public database. Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people’s data.”

Guess that solves it!