It turns out that over 500 million Facebook user information has been made publicly accessible to anyone on the cloud server

Facebook has been widely criticized by people around the world for its

abuse of user data by the consulting company Cambridge Analytics. Facebook has been working hard to protect user data in response to harsh opinion, but researchers belonging to UpGuard , a cybersecurity company, have received more than 540 million on Amazon's cloud servers that are accessible online. I have found that Facebook user data is in public state.

Losing Face: Two More Cases of Third-Party Facebook App Data Exposure

Millions of Facebook Records Found on Amazon Cloud Servers-Bloomberg

Researchers find 540 million Facebook user records on exposed servers | TechCrunch

UpGuard's cybersecurity team discovered that two third-party companies were storing Facebook user data publicly on Amazon's cloud server. Each company had developed a third party app related to Facebook.

According to researchers, Cultura Colectiva, a digital platform company based in Mexico, has stored as much as 540 million Facebook user data, including user comments and account names, on a cloud server. The data was not locked, so anyone who found it online could download 146GB of data at will. Cultura Colectiva is a platform for posting stories about celebrities and cultures, mainly for Latin American users.

In addition, a third-party app called 'At the Pool' also stored 22,000 Facebook user data in public form. It seems that At the Pool has not been used yet, but the name, email address, Facebook friends list, photos, etc. have been open for a long time.


UpGuard sent an email to Cultura Colectiva alerting January 10, 2019 that 'Facebook user data has been saved publicly' and sent a similar email again on January 14, 2019. But there was no response. Then, at the end of January 2019, UpGuard sent a warning email to Amazon Web Service (AWS) , and on February 1st, 2019, it was said that AWS had noticed a danger. But since then, Facebook's user data has been open for a long time, and on April 3, 2019, the data set named 'cc-datalake' was finally closed.

The fraudulent use of Cambridge Analytica's data abuse in 2018 has led Facebook to make a major change in user data handling and provide third-party app bug rewards programs and more. However, before Facebook turned around, many third party companies were able to use Facebook user data for app development.

This one thing corroborates the fact that Facebook can not manage about the data which left the hand. Data provided to the outside once does not disappear naturally, nor does it come back under the control of Facebook again. 'It is responsible for storing personal information collected from end users and will increase as the volume of data grows,' said Chris Vickery, Head of Cyber Risk Research at UpGuard.


Bloomberg also pointed out that companies are storing data on cloud servers, which can amplify data security issues. Many companies are migrating from their data servers to cloud servers provided by Amazon and Google, but important confidential information, such as military data and service subscriber data, is mistakenly online as in this case. There is an increasing number of cases of being released in Companies that handle huge amounts of user data have an even greater responsibility for data protection.

in Mobile,   Web Service,   Security, Posted by log1h_ik