Another Day, Another Story About Exposed Facebook User Data

Another Day, Another Story About Exposed Facebook User Data

Another Day, Another Story About Exposed Facebook User Data

The information included comments, reactions, likes, FB IDs and account names uploaded by media company Cultura Colectiva.

UpGuard notified Cultura Colectiva on 10th January this year, and then again in 14th January, with no response.

The representative further affirmed that Facebook doesn't allow its user data to be stored on a public database, so this is a clear violation of its policies.

Finally, an independent security researcher called out Facebook for requiring some new users to verify their identity to the social media giant by providing the password to their email address, an abysmal practice from a security standpoint.

The second batch of leaked user data was significantly smaller and contained records of 22,000 users.

'The data exposed in each of these sets would not exist without Facebook, yet these data sets are no longer under Facebook's control. Facebook's representative claims that they have taken the databases offline after being notified and now they are investigating the incident to identify how and for what duration the data was available on Amazon's servers. Adding further, "We are aware of the uses that data can now have, so we have reinforced our security measures to protect the data and privacy of the users of our fanpages on Facebook".

Upguard released a publication earlier this week claiming that the Mexico City-based startup stored Facebook user data on public servers without any protections.

"Effectively, Facebook has not disclosed the full extent such access might grant, nor have they provided any indication of what data might be accessed during their verification".

The records allegedly stored by Facebook partners contained data were mostly non-sensitive.

The new finding is the latest to highlight Facebook's struggle to protect the data collected from its more than 2 billion users.

Facebook shut down the database in question after being contacted for a comment on the issue by Bloomberg. "Not enough security is being put into the security side of big data", Chris Vickery, director cyber risk research at UpGuard, said. When we receive an abuse report concerning content that is not clearly illegal or otherwise prohibited, we notify the customer in question and ask that they take appropriate action, which is what happened here.

This is a serious security lapse on the part of Facebook.

"The surface area for protecting the data of Facebook users is thus vast and heterogeneous, and the responsibility for securing it lies with millions of app developers who have built on its platform".

Facebook has been accused of loose management of its user data by improperly sharing its data with third-party companies.

Related news