UpGuard, a cybersecurity firm, recently discovered that Facebook inadvertently uploaded millions of private user records to Amazon’s publicly accessible cloud computing servers.
Cultura Colectiva, one of two third-party Facebook app developers that stored user data on Amazon servers, had stored 146 gigabytes of data, including “names, passwords and email addresses” of Facebook users.
Facebook shut down the database in question after being contacted for a comment on the issue by Bloomberg. However, more publicly accessible information could still be out there. UpGuard also discovered that there are still 100,000 public Amazon-hosted databases in existence.
“The public doesn’t realize yet that these high-level systems administrators and developers, the people that are custodians of this data, they are being either risky or lazy or cutting corners,” Chris Vickery, director of cyber risk research at UpGuard, told Bloomberg. "Not enough care is being put into the security side of big data."
Data security issues
Facebook has dealt with a number of security incidents in recent years. Just last month, it was reported that the company stored “hundreds of millions” of account passwords in plain text. Facebook’s vice president of Engineering, Security and Privacy, assured users that the passwords were not publicly accessible and that there was no evidence that Facebook employees abused their access.
The latest data breach appears to have been the result of Facebook allowing third party developers to integrate apps and websites with its platform to allow for functionality like signing into a service using Facebook.
In an interview with CNN, Vickery noted that the social media giant has "no way of guaranteeing the safe storage of the data of their end users if they are going to allow app developers to harvest it in mass.”
Facebook said in a statement that its policies “prohibit storing Facebook information in a public database. Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people's data."