Facebook app data exposed by third-party developers

Image Credit: Shutterstock

While Facebook may be responsible for securing user data on its own site, what happens when third-party developers fail to do so on their end?

New research from UpGuard has discovered that this was exactly the case regarding two third-party developed Facebook app datasets that have been found exposed to the public internet.

The first leak originates from the Mexico-based media company, Cultura Colectiva, which left 146GB of data containing over 540m records unsecured online. 

The information contained in the dataset includes account names, Facebook IDs, comments, likes, reactions and more which could make it particularly attractive to cybercriminals looking to take over consumer accounts.

Unsecured backups

A Facebook-integrated app called “At the Pool” was also found to have exposed a backup of its user data to the public internet via an Amazon S3 bucket.

Following its investigation into the leak, UpGuard discovered that this database backup contained a bevy of Facebook user information as well as their passwords. While the Cultura Colectiva dataset may be larger, the At the Pool discovery contains plaintext Facebook passwords for 22,000 users.

At the Pool closed its doors back in 2014 and even its parent company's website is no longer available. This should help assuage the fears of users whose names, passwords, email addresses, Facebook IDs and other details were exposed online for an unknown period of time.

Both the Cultura Colectiva and At the Pool datasets were stored in their own Amazon S3 buckets that were configured to allow their contents to be downloaded publicly.

UpGuard's discovery may not gain as much attention as a data breach at Facebook proper but it still shines a light on the problem of mass data collection which the social network notoriously helped popularize.

  • We've also highlighted the best VPN to help you protect your data on the go
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in Security
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
An American flag flying outside the US Capitol building against a blue sky
The FCC is creating a security council to bolster US defenses against cyberattacks
Image depicting hands typing on a keyboard, with phishing hooks holding files, passwords and credit cards.
Microsoft warns about a new phishing campaign impersonating Booking.com
Ransomware
Microsoft uncovers sleuthy new XCSSET MacOS malware campaign
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Meta warns of worrying security flaw hitting open source type software
Hand holding smartphone and scan fingerprint biometric identity for unlock her mobile phone
Passwordless authentication continues to grow, with biometrics helping push adoption
Latest in News
Google Chromecast 2
Google is finally rolling out a fix for broken Chromecasts – just as new bugs appear on the Chromecast with Google TV
Garmin Instinct 3 in Neotropic Green
"I'm an idiot": Garmin user reveals how fixing one setting completely changed their training after months of making no progress
The main battle pass characters in Fortnite Lawless, including Midas, Sub Zero and a large wolf-man
You'll finally be able to play Fortnite on Windows 11 Arm-powered laptops as Epic Games partners with Qualcomm
DeepSeek on an iPhone
OpenAI calls on US government to ban DeepSeek, calling it ‘state-subsidized’ and ‘state-controlled’
Apple iPhone 16e REVIEW
Some iPhone 16e owners are reporting Bluetooth audio issues that could be an iOS problem
The TikTok logo appears on a smartphone screen with the United States flag in the background
Oracle could still end up running TikTok