Researchers on Wednesday reported that they found hundreds of millions of Facebook user records exposed online. In the report, Upguard, a cybersecurity firm, detailed the discovery of a trove of more than 540 million Facebook user records that were publicly accessible on unprotected Amazon cloud servers for an unknown period of time.
The leaked data included Facebook users’ identification numbers, comments, reactions, and in some cases, names, passwords, and email addresses. The leak has been attributed to two third-party Facebook app developers, Cultura Colectiva and At the Pool, who inadvertently stored the data on Amazon web servers without passwords, making it possible for anyone who came across the public datasets to easily download them. Cultura Colectiva’s dataset totaled more than 146 gigabytes.
It was also revealed by Bloomberg on Wednesday that Upguard spent months after the discovery trying to get the databases taken down, without success. It took until Wednesday before the datasets were finally taken offline by Amazon, after the company received a request from Facebook sent in the wake of Bloomberg’s report.
As we detailed in a recent report on the long litany of data privacy and security failures at Facebook over the past few years, the company has an unsettling history of freely sharing copious amounts of user data with third-party developers. Facebook was playing fast and loose with user data as far back as November 2011, when, in one of its first major privacy debacles, the company settled with the FTC over charges that it “deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public.”
In their complaint, the FTC listed numerous examples of blatant disregard for user privacy and instances of outright deception, including Facebook telling users that third-party apps could only access specific profile information when, in fact, third-party apps could access all of the users’ data and that of their friends as well.
Following last year’s Cambridge Analytica scandal, in which it was revealed that a political consulting firm had questionably obtained data on more than 86 million Facebook users without their consent and then used that data to micro target voters in the 2016 presidential election, it became clear just how vast the scale and scope of Facebook’s data sharing had been.
As Wednesday’s report highlights, Facebook’s past data practices continue to haunt the company. As Upguard wrote in its announcement, “The data genie cannot be put back in the bottle. Data about Facebook users has been spread far beyond the bounds of what Facebook can control today...the result is a long tail of data about Facebook users that continues to leak.”
While Facebook faces a steady drumbeat of pressure and scrutiny over its data practices, both past and present, it is the mass collection, centralized storage, and unfettered sharing of consumer data that makes these leaks possible in the first place. So long as consumers are forced to rely on centralized entities with outdated security and privacy standards, breaches and leaks will continue unabated.
It’s Time to Take Back Control of Your Data
At Bloom, we are giving you the tools to take back control of your data.
Bloom enables you to own, authorize the use of, and protect your data using the latest advancements in blockchain technology. With Bloom, the risk of your data being exposed in a data breach or leak is greatly reduced.
No more centralized data storage, No more selling your data off to the highest bidder. No more risking identity theft. Your identity, and highly sensitive personal and financial information, is securely safeguarded on your own personal device using cutting-edge cryptography.