Facebook, Inc Users Data Showing Up On Amazon’s Cloud
According to a report from UpGuard, a cybersecurity firm, “Two third-party Facebook app developers were found to have stored user data on Amazon’s servers in a way that allowed it to be downloaded by the public.”
One of the companies stored 146 gigabytes of data containing more than 540 million records, including comments, likes, reactions and account names, on the Amazon servers. The number of users whose data was included is not yet clear, said UpGuard.
Chris Vickery, the director of cyber risk research at UpGuard in a statement to CNN Business said “another app is said to have stored unprotected Facebook passwords for 22,000 users. And that the find “highlights a problem that is intrinsic with mass data collection.”
Vickery said that the data appeared to have been gathered through a Facebook integration. Facebook allows third-party developers to integrate apps and websites with its platform to allow for functionality like signing into a service using Facebook.
Facebook has “no way of guaranteeing the safe storage of the data of their end users if they are going to allow app developers to harvest it in mass,” Vickery said.
The Facebook spokesperson in a statement said, “Facebook’s policies prohibit storing Facebook information in a public database. Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people’s data.”
Amazon representatives are yet to respond to this incident.
Bloomberg broke the news first.
This latest finding only emphasizes the fact of how Facebook’s struggle to protect the data collected from its more than 2 billion users. This will only increase the scrutiny on the company after the company was hit with data privacy scandals last year.
The news about Cambridge Analytica, a data firm having accessed information from as many as 87 million Facebook users without their knowledge.
Facebook has said the data was initially collected by a professor for academic purposes in line with its rules. The information was later transferred to third parties, including Cambridge Analytica, in violation of Facebook’s policies, Facebook has said.
Last year, the company also revealed that attackers exploited a bug on the platform to expose the information of nearly 50 million users. Since then, Facebook has come under scrutiny for offering more of its users’ data to third-party app developers.
Facebook has come under some sharp criticism of the way the company’s data privacy practices. In October, UK authorities hit Facebook with a £500,000 fine, the maximum possible, over the Cambridge Analytica scandal. It looks like the U.S. Federal Trade Commission is also geared up to levy a record fine against the company for violating an earlier data privacy agreement.