While Facebook may be responsible for securing user data on its own site, what happens when third-party developers fail to do so on their end?
New research from UpGuard (opens in new tab) has discovered that this was exactly the case regarding two third-party developed Facebook app datasets that have been found exposed to the public internet.
The first leak originates from the Mexico-based media company, Cultura Colectiva, which left 146GB of data containing over 540m records unsecured online.
- Facebook slammed by UK government
- Facebook shutters Onavo VPN app
- Facebook reaching fifteen – a stark reminder of the value of data
The information contained in the dataset includes account names, Facebook IDs, comments, likes, reactions and more which could make it particularly attractive to cybercriminals looking to take over consumer accounts.
A Facebook-integrated app called “At the Pool” was also found to have exposed a backup of its user data to the public internet via an Amazon S3 bucket.
Following its investigation into the leak, UpGuard discovered that this database backup contained a bevy of Facebook user information as well as their passwords. While the Cultura Colectiva dataset may be larger, the At the Pool discovery contains plaintext Facebook passwords for 22,000 users.
At the Pool closed its doors back in 2014 and even its parent company's website is no longer available. This should help assuage the fears of users whose names, passwords, email addresses, Facebook IDs and other details were exposed online for an unknown period of time.
Both the Cultura Colectiva and At the Pool datasets were stored in their own Amazon S3 buckets that were configured to allow their contents to be downloaded publicly.
UpGuard's discovery may not gain as much attention as a data breach at Facebook proper but it still shines a light on the problem of mass data collection which the social network notoriously helped popularize.
- We've also highlighted the best VPN to help you protect your data on the go