Security researchers have found out a huge security breach where hundreds of millions of Facebook user records have been found sitting on a public storage server.
From the post, UpGuard Cyber Risk team were able to find two third party developed Facebook datasets that were exposed to the Internet.
The first one is from a Mexico based media company called Cultura Colectiva. This dataset is 146GB in size and contains a massive 540 million records which has information like Facebook IDs, reactions, account names, likes, comments and more.
Another separate backup was stored on an Amazon S3 server and was titled At the Pool. This one contained Facebook passwords in plain text for 22,000 users, which is not as massive as the Cultura Colectiva dataset.
The scary thing about this is that each of the dataset were stored in their own Amazon S3 bucket and were configured to allow public download of the files.
“Data about Facebook users has been spread far beyond the bounds of what Facebook can control today,” they said in the blogpost. “Combine that plenitude of personal storage with storage technologies that are often misconfigured for public access, and the result is a long tail of data about Facebook users that continues to leak.”
The researchers contacted Cultura Colectiva about the leak and there was no response. They also informed Amazon Web Services about the data stored and they replied that the owner was made aware of the expose.
When Facebook was alerted about the issue of storing information on public databases, they worked with Amazon to take them down as reported by Bloomberg.
Facebook used to allow developers access data about information of people using the app and their friends but they stopped this recently.