Over 540 Million Records Of Facebook Users Exposed Without Passwords

Dhir Acharya



Security researchers said they have discovered that over 540 million records of Facebook users were exposed on an accidentally public storage server. According to researchers at security firm UpGuard, two third-party companies collected the two batches of user records.

In particular, Cultura Colectiva, a digital media company in Mexico, left the records, which include account names, reactions, likes, comments, and more, on an Amazon S3 storage server without a password, meaning anyone could access the data. Meanwhile, defunct California-based app maker At The Pool kept even more sensitive information in a backup file on its storage server. This file includes data on over 22,000 users, including check-ins, group memberships, photos, interests, and friend lists.

UpGuard said that neither Cultura Colectiva nor At The Pool responded to its requests to delete the data. As reported by TechCrunch, a Facebook spokesperson contacted Amazon to have the data pulled offline.

The spokesperson stated that the company's policies prohibit storing Facebook information publicly. According to the social giant, there isn’t any evidence of data misuse in this incident, but the investigation is ongoing.

This is the latest data breach involving the social network since last year’s Cambridge Analytica data scandal, in which over 87 million user records were scraped without permission. The firm was alleged to have used the data to build voter profiles in support of the presidential campaigns of Donald Trump and Ted Cruz.

When Facebook acknowledged the scandal, it launched a bug bounty program covering third-party services and platforms that exposed or leaked its user data.

Last year, UpGuard discovered 48 million Facebook profile records scraped from LocalBlox. Talking to TechCrunch, UpGuard’s director of cyber risk research Chris Vickery said:
