Skip to main content
  1. Home
  2. Computing
  3. News

In latest blow to Facebook, 540 million user records exposed by third-party apps

Arif Bacchus
By

In the latest privacy blow for Facebook, the information of up to 540 million users — including passwords, comments, likes, and Facebook IDs — were left by app developers on publicly visible Amazon cloud servers. That’s according to a report from the security firm UpGuard, which initially discovered the two datasets of Facebook user information.

Though the information on the servers was eventually removed once Facebook was contacted, it is not known how long the data was available to the public — or who may have accessed it. According to UpGuard, there are two specific data sets that contained user information. One set which comes from the Mexican media company, Cultra Collectiva, weighed in at 146GB and contained the personal information of 540 million Facebook users. The second data set, which traces back to a Facebook app going by the name of “At the Pool,” was also found in a public Amazon S3 server. This data set is smaller than Cultra Collectiva’s but contained the passwords for 22,000 users. It also contained sensitive information such as Facebook likes and check-ins.

“The data sets vary in when they were last updated, the data points present, and the number of unique individuals in each. What ties them together is that they both contain data about Facebook users, describing their interests, relationships, and interactions, that were available to third-party developers,” UpGuard said.

Facebook and Amazon worked to take down databases, but not before the damage was done. “Facebook’s policies prohibit storing Facebook information in a public database. Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people’s data,” said Facebook in a statement.

Though there remains the possibility that these app developers could have inadvertently placed the information on public servers, it serves as a reminder that Facebook data is not always private. Previously, in December 2018, an API bug exposed the private photos of up to 6.8 million Facebook users to third-party apps. Facebook had also faced criticism following the fallout of the Cambridge Analytica scandal and promised to reduce the number of apps that have access to user data.

Editors' Recommendations

New malware can steal your credit card details — and it’s spreading fast
An individual surrounded by several computers typing on a laptop.
Twitter is building a menu option for Twitter Shops
A person's hands holding a smartphone as they browse Twitter on it.
This new Windows 11 feature will help you protect your passwords
A man sits, using a laptop running the Windows 11 operating system.
Malwarebytes resolves error that was blocking Google this morning
malwarebytes shows av firms failing customers keyboard virus mem2
How to change the login picture on a Mac
Login screen on a MacBook.
What are mouse jigglers?
Undetectable Mouse Mover at a computer.
Lenovo Slim 9i vs. Apple MacBook Pro 14
Lenovo Slim 9i front view showing display and keyboard deck.
The best desktop computers for 2022: Dell, HP, Apple, and more
HP Omen 30L DESKTOP PC
Here’s how to delete your YouTube account in just a few easy steps
How to delete your YouTube account
How to create a new team in Microsoft Teams
Example of Teams chat.
Best Microsoft Office deals for October 2022
Students using Microsoft Office software on their laptops outside.
Best cheap printer deals for October 2022
Brother's L8360 is a great color laser printer for small offices.
Best laser printer deals: Save on Brother and Canon today
A person uses a smartphone to print something with a Brother MFC-L2710DW wireless monochrome laser printer on an office table.