“Yet another Facebook data breach exposes user data including account names, comments, likes, and more”
Facebook data breaches have become a common thing nowadays, and sometimes it isn’t even the social networking company’s fault. In a not-so-surprising revelation, Facebook datasets have been publicly exposed by two third-party developers. Revealed by cybersecurity firm Upguard, one dataset originates from the Mexico-based media company Cultura Colectiva, exposing 146GB of data containing over 540 million records including comments, likes, reactions, account names, IDs, and more.
The other is from a now defunct app called At the Pool, which exposed the details via Amazon S3 bucket. This contains fk_user_id, fb_user, fb_friends, fb_likes, fb_music, fb_movies, fb_books, fb_photos, fb_events, fb_groups, fb+checkins, fb_interests, password, and more. While the At the Pool breach was not as large as ‘Cultura Colectiva’, it does reveal data in a plain unprotected text with 22,000 users passwords.
However, At the Pool was last used in 2014, which is a consolation to users whose data is openly exposed. The data stored in the Amazon S3 bucket allowed anyone to download files, which is outright a major privacy concern. With Facebook facing constant criticism over data breaches and privacy issues, another public exposure of datasets is just worsening the situation. Upguard claims to have notified Cultura Colectiva a couple of times over the datasets breach but there has been no response till date. While Amazon quickly responded said to have notified appropriate parties about the exposure, the database backup inside the AWS S3 storage bucket was finally secured only after Bloomberg approached Facebook for comment on April 3rd.