Two third-party developed Facebook apps have hundreds of gigabytes of Facebook user data, according to a new report released April 3 by UpGuard, a cyber security risk research company.
A Mexico-based company, Cultura Colectiva, had more than 146 gigabytes of data with more than 540 million Facebook user records, including likes, comments, reactions, account names and Facebook IDs, according to the report. Another App had the passwords to more than 22,000 Facebook user’s accounts, stored on Amazon servers. The data was found on Amazon’s S3 cloud data service.
The report does not state how long or who could have accessed the data while it was exposed. The number of users affected by the leak of 540 million user records was not specified in the report.
The data sets vary in when they were last updated, the data points present, and the number of unique individuals in each, UpGuard wrote in a post.
“What ties them together is that they both contain data about Facebook users, describing their interests, relationships, and interactions, that were available to third party developers,” UpGuard wrote. “As Facebook faces scrutiny over its data stewardship practices, they have made efforts to reduce third party access.”
According to the report, these were two separate discoveries of data leaks of Facebook user information. UpGuard contacted Cultura Colectiva about the data exposure on Amazon S3 Jan. 10 and Jan 14, with no response as of April 3. The company contacted Amazon about the data leak Feb. 21. Amazon Web Services responded the same day and notified Cultura Colectiva of the data insecurity.
“It was not until the morning of April 3rd, 2019, after Facebook was contacted by Bloomberg for comment, that the database backup, inside an AWS S3 storage bucket titled “cc-datalake,” was finally secured,” UpGuard wrote. “
According to CNN business, news broke in March that “Cambridge Analytica, a data firm with connections to Donald Trump’s presidential campaign, had accessed the information from as many as 87 million Facebook users without their knowledge.”
On March 21, Facebook notified users that an error made millions of user’s passwords visible to Facebook employees. They stated the issue was fixed, according to Bloomberg.
“As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems,” Facebook wrote in a March 21 post. “This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable. We have fixed these issues and as a precaution we will be notifying everyone whose passwords we have found were stored in this way.”
To reset your Facebook password on your own, follow the instructions below.
- Log in to Facebook
- Click on the down arrow at the top right
- Click on ‘Settings’
- In the left column, click on ‘Security and Login’
- Scroll down to the ‘Login’ section and select ‘Change Password’
- You can also try clicking on this link which should take you to the last step.
Sources: Bloomberg, CNN Business