Another scandal: Facebook user data reportedly at risk again
In what seems like a broken record, Facebook is facing another scandal related to the transparency of its user data.
The UpGuard cybersecurity firm reports that it uncovered two cases in which massive buckets of third-party Facebook app data were left exposed on the public internet.
In one such case, a Mexico-based media company named Cultura Colectiva amassed 146 gigabytes of data with more than 540 million records. The records are said to include user comments, likes, reactions, account names, Facebook IDs and more.
Another exposure, UpGuard says, came from a since-discontinued Facebook-integrated app called At The Pool and was apparently posted on a public Amazon cloud server. This second data trove reportedly included unprotected passwords for 22,000 users.
Though At The Pool shut down in 2014, UpGuard wrote that, "this should offer little consolation to the app's end users whose names, passwords, email addresses, Facebook IDs and other details were openly exposed for an unknown period of time."
Facebook shut down the Cultura database after being alerted by Bloomberg.
In a statement supplied to USA TODAY via email, the social network wrote that "Facebook's policies prohibit storing Facebook information in a public database. Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people's data."
UpGuard outlined the potential risk: "These two situations speak to the inherent problem of mass information collection: the data doesn't naturally go away, and a derelict storage location may or may not be given the attention it requires."
The scandal-ridden company faced more bad news. Over the weekend in an unrelated matter, Twitter user "e-Sushi" reported that the social network, as part of a dubious verification process, demanded the secret password of some users' personal email accounts.
In an email sent to the Daily Beast after it reported the issue, Facebook said that it doesn't store the email passwords but announced it would end the practice just the same.
"We understand the password verification option isn't the best way to go about this, so we are going to stop offering it," the company wrote in the email.
The latest string of events follows last month's scandal in which the KrebsOnSecurity security news site reported that hundreds of millions of Facebook users passwords were stored in plain text that could be searched by more than 20,000 Facebook employees.
And that was revealed after the New York Times reported that Facebook faces a federal criminal investigation into consumer data-sharing deals it made with scores of other technology companies including Amazon, Apple, Microsoft and Samsung.
©2019 USA Today
Distributed by Tribune Content Agency, LLC.
