It's starting to be something of a trend to hear about Facebook-related privacy mishaps, and today, another big one has unfolded. Security researchers have found datasets for two Facebook-integrated apps which were being stored, unprotected, on Amazon S3 servers.
One of the sets comes from a Mexican company called Cultura Colectiva, which stored 146GB worth of user data, amounting to over 540 million records. This includes likes, comments, reactions, Facebook IDs, and more. The researchers reached out to Cultura Colectiva and Amazon Web Services to let them know that data was publicly exposed, with the first e-mail being sent out on January 10 of this year. However, it wasn't until today that the database was finally secured.
The other collection comes from a Facebook app called At the Pool, and while it's smaller, it's potentially even more concerning. This is because, in addition to containing columns for users, events, books, and more, it also contained 22,000 passwords stored in plain text. Much like the other database, this one was configured to allow public download of files, so it could be much more dangerous.
The good news here is that the company behind the app was much quicker to address the situation, and the data was secured before the research team even had the chance to notify the developers, though it's unclear how long it was exposed prior to its discovery. The app was actually shut down in 2014, and even its parent company's website seems to be inaccessible right now.
In this situation, Facebook wasn't directly involved in leaking user data, but its potential impact is still pretty significant. Hopefully, problems like this can be mitigated going forward, but there's not much that can be done about data that's already been taken outside the limits of what Facebook can protect, and we could end up hearing more stories like this in the future.