Million Facebook User Records Exposed Online, Plus Passwords, Comments, and More

Million Facebook User Records Exposed Online, Plus Passwords, Comments, and More

The company moved to restrict developer access and conduct a wholesale review of third-party apps previous year after the widespread Cambridge Analytica breach.

Buzzfeed-like media startup, Cultura Colectiva, finds itself in hot water after Upguard, the multinational cybersecurity firm, unearthed its dirty laundry.

Then in November 2017 UpGuard found "critical data" belonging to the USA army on virtual image of hard disk left on an AWS server, without password protection. "In general, we work with developers to make sure that they're respecting people's information and using it only in ways that they want".

Since it is publicly available, anyone can check it out and download data that includes email IDs, login credentials including passwords, account IDs, identification numbers and even comments and reactions. It's unclear how many individual users had data exposed.

It doesn't matter that this past company accessed only 22 million accounts, less than Cultura Colectiva.

Any organisation that shares data should be reviewing their API's to ensure controls are in place to limit sensitive data and regular audits be done on the third parties to ensure compliance to privacy regulations and IT security standards.


Cultura Colectiva issued a statement a few hours after Upguard published its article.

Nabil Hannan, Managing Principal (Financial Services) - Software Integrity Group, Synopsys, commented: "With increasingly stringent data protection laws going into effect across the globe, and the public's heightened sensitivity to privacy violations, protecting sensitive data needs to be a critical priority for all organizations". "When we receive an abuse report concerning content that is not clearly illegal or otherwise prohibited, we notify the customer in question and ask that they take appropriate action, which is what happened here".

UpGuard found a batch of scratched Facebook profiles including 48 million records in 2018 from LocalBlox, a data firm that scrapes data from social media profiles. However, the database was only secured by Facebook yesterday morning.

UpGuard sells products for companies to prevent and detect data exposures. "Not enough security is being put into the security side of big data", Chris Vickery, director cyber risk research at UpGuard, said.

Of course, now with the Cambridge Analytica scandal looming on its head, - the tech giant is making some amendments to secure users data - but as they say 'the damage has been done'.

I respect technological improvements, but at what cost? However, more publicly accessible information could still be out there. But the problem of stored data doesn't go away once it's left Facebook.

Related Articles