Facebook app data exposed by third-party developers
Two datasets containing Facebook user information found in unsecured S3 buckets
While Facebook may be responsible for securing user data on its own site, what happens when third-party developers fail to do so on their end?
New research from UpGuard has discovered that this was exactly the case regarding two third-party developed Facebook app datasets that have been found exposed to the public internet.
The first leak originates from the Mexico-based media company, Cultura Colectiva, which left 146GB of data containing over 540m records unsecured online.
- Facebook slammed by UK government
- Facebook shutters Onavo VPN app
- Facebook reaching fifteen – a stark reminder of the value of data
The information contained in the dataset includes account names, Facebook IDs, comments, likes, reactions and more which could make it particularly attractive to cybercriminals looking to take over consumer accounts.
Unsecured backups
A Facebook-integrated app called “At the Pool” was also found to have exposed a backup of its user data to the public internet via an Amazon S3 bucket.
Following its investigation into the leak, UpGuard discovered that this database backup contained a bevy of Facebook user information as well as their passwords. While the Cultura Colectiva dataset may be larger, the At the Pool discovery contains plaintext Facebook passwords for 22,000 users.
At the Pool closed its doors back in 2014 and even its parent company's website is no longer available. This should help assuage the fears of users whose names, passwords, email addresses, Facebook IDs and other details were exposed online for an unknown period of time.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Both the Cultura Colectiva and At the Pool datasets were stored in their own Amazon S3 buckets that were configured to allow their contents to be downloaded publicly.
UpGuard's discovery may not gain as much attention as a data breach at Facebook proper but it still shines a light on the problem of mass data collection which the social network notoriously helped popularize.
- We've also highlighted the best VPN to help you protect your data on the go
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.