Another scandal: Facebook user data reportedly at risk again

Credit: CC0 Public Domain

In what seems like a broken record, Facebook is facing another scandal related to the transparency of its user data.

The UpGuard cybersecurity firm reports that it uncovered two cases in which massive buckets of third-party Facebook app data were left exposed on the public internet.

In one such case, a Mexico-based named Cultura Colectiva amassed 146 gigabytes of data with more than 540 million records. The records are said to include user comments, likes, reactions, account names, Facebook IDs and more.

Another exposure, UpGuard says, came from a since-discontinued Facebook-integrated app called At The Pool and was apparently posted on a public Amazon cloud server. This second data trove reportedly included unprotected passwords for 22,000 users.

Though At The Pool shut down in 2014, UpGuard wrote that, "this should offer little consolation to the app's end users whose names, passwords, addresses, Facebook IDs and other details were openly exposed for an unknown period of time."

Facebook shut down the Cultura database after being alerted by Bloomberg.

In a statement supplied to USA TODAY via email, the social network wrote that "Facebook's policies prohibit storing Facebook information in a public database. Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people's data."

UpGuard outlined the : "These two situations speak to the inherent problem of mass information collection: the data doesn't naturally go away, and a derelict storage location may or may not be given the attention it requires."

The scandal-ridden company faced more bad news. Over the weekend in an unrelated matter, Twitter user "e-Sushi" reported that the social network, as part of a dubious verification process, demanded the secret password of some users' personal email accounts.

In an email sent to the Daily Beast after it reported the issue, Facebook said that it doesn't store the email passwords but announced it would end the practice just the same.

"We understand the password verification option isn't the best way to go about this, so we are going to stop offering it," the company wrote in the email.

The latest string of events follows last month's scandal in which the KrebsOnSecurity security news site reported that hundreds of millions of Facebook users passwords were stored in plain text that could be searched by more than 20,000 Facebook employees.

And that was revealed after the New York Times reported that Facebook faces a federal criminal investigation into consumer data-sharing deals it made with scores of other technology companies including Amazon, Apple, Microsoft and Samsung.

©2019 USA Today
Distributed by Tribune Content Agency, LLC.

Citation: Another scandal: Facebook user data reportedly at risk again (2019, April 8) retrieved 25 February 2024 from
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.

Explore further

Facebook admits storing passwords in plain text (Update)


Feedback to editors