Researchers at UpGuard, a cybersecurity firm, found user information data hidden from view, publicly displayed inadvertently on Amazon.com Inc. cloud servers. The finding shows that one year after the Cambridge Analytica scandal which exposed the insecurity and the open diffusion of the information of the users of Facebook online. The companies that control that information in each stage have not yet done enough to hide the private data.
In one case, the media company Cultura Colectiva, based in Mexico City, openly stored 540 million Facebook user records, including identification numbers, comments, reactions and account names. This database was closed on Wednesday after Bloomberg alerted Facebook of the problem and the latter contacted Amazon. Facebook shares reduced their profits after the Bloomberg News report.
Another database for a missing application called At the Pool published lists of names, passwords and email addresses of 22,000 people. UpGuard does not know how long they were exposed, since the database became inaccessible while the company was investigating.
A serious problem that seems out of control
Facebook shared this type of information freely with external developers for years, before taking more recent measures. The problem of accidental public storage could be broader than those two cases. UpGuard found 100,000 open databases hosted on Amazon for various types of data, some of which it hopes will not be public.
“The public still does not realize that these high-level system administrators and developers, the people who are guarding this data, are being risky or lazy or are cutting budget,” said Chris Vickery, director of cyber risk research at UpGuard. “You’re not taking enough care in the security of big data.”
Facebook for many years allowed anyone who created an application on your site to obtain information about the people who use it and the friends of the users. Once the data is out of Facebook’s hands, developers can do whatever they want with them.
When everything exploded
About a year ago, Facebook CEO Mark Zuckerberg was preparing to testify before Congress about a particularly serious example. A developer who delivered data on tens of millions of people to Cambridge Analytica, the political consultant who helped Donald Trump. in his presidential campaign. That single instance led to governmental investigations around the world and threats of greater regulation for the company.
Last year, Facebook initiated an audit of thousands of applications and suspended hundreds of them until they could make sure they were not mishandling users data. Facebook now offers rewards to researchers who find problems with their third-party applications.
A Facebook spokesman said the company’s policies prohibit storing Facebook information in a public database. Once the problem was alerted, Facebook worked with Amazon to remove the databases, the spokesperson said, adding that Facebook is committed to working with developers on its platform to protect people’s data.
Also published on Medium.