More than 540 million Facebook records exposed once again

Datasets from two third-party facebook apps were exposed to the public, according to cybersecurity firm UpGuard. Over 540 million records stored on Mexico-based media company Cultura Colectiva were exposed and a separate backup from a Facebook-integrated app titled “At the Pool” was found on Amazon's cloud servers.

While Facebook is still investigating exactly what information was stored, a spokeswoman confirmed to Marketing that it has worked with Amazon to take down the databases and it remains committed to working with the developers on our platform to protect people's data. She added that Facebook's policies currently prohibit storing user information in a public database.

According to UpGuard, both exposed datasets contain data about Facebook users, describing their interests, relationships, and interactions. The "At the Pool" dataset also exposed unprotected passwords for 22,000 users. While the passwords are presumably for the app rather than for Facebook accounts, the cyber security firm said that the exposure puts users who have reused the same password across accounts at risk.

Marketing has reached out to Facebook for further updates.

When the data breach was first discovered in January, UpGuard said that it had informed Cultura Colectiva and Amazon Web Services. While there was no reply from Cultura Colectiva, Amazon Web Services had responded that the data storage bucket owner was made aware of the exposure and Amazon was looking into further potential ways to handle the situation. However, the database was only secured by Facebook yesterday morning.

While the report acknowledged that the datasets were no longer under Facebook’s control, it underscored that they would not exist without Facebook. It said, "In each case, the Facebook platform facilitated the collection of data about individuals and its transfer to third parties, who became responsible for its security. The surface area for protecting the data of Facebook users is thus vast and heterogenous, and the responsibility for securing it lies with millions of app developers who have built on its platform."

This is not the first time the social media platform has faced data and privacy breach. In April last year, Facebook found potentially 65,009 users in Singapore at risk of having their information improperly shared with Cambridge Analytica. The platform also confirmed that 1,096,666 accounts in Indonesia were put at risk as well.

Following the reveal, Facebook chief technology officer Mike Schroepfer has also outlined plans to restrict data access on the platform – affecting APIs such as Pages, Events, Groups, and Instagram Platforms. Other measures also cover Facebook Login, search and account recovery, call and text history, data providers and partner categories and app controls.