Facebook data found on publicly accessible Amazon servers

Photo: Omar Marques/SOPA Images/LightRocket via Getty Images

Researchers found two third-party Facebook app developers had been storing user data on a publicly accessible Amazon Web Services server.

Why it matters: While Facebook itself wasn't directly to blame, this is yet another example of its customers' data being mishandled.

Details: Researchers at UpGuard found data from two firms containing Facebook user information and, in one of the cases, app passwords available for public download.

  • In the first case, 146 gigabytes of data containing 540 million records from Mexico-based media company Cultura Colectiva was stored in a publicly accessible Amazon S3 storage bucket and includes a variety of Facebook data, including user IDs, according to UpGuard.
  • Data from a second Facebook-integrated app, called "At the Pool," contained columns for a variety of Facebook categories including user ID, friends, likes, photos, checkins and more. There was also a category for password. Even if this was only the passwords for the app and not Facebook, many people reuse passwords across services.
  • Last March, in the wake of the Cambridge Analytica scandal, Facebook began limiting the amount of user data that third-party developers have access to.

What they're saying:

  • In a statement, Facebook told Axios that the developers were acting contrary to the company's policies, "Facebook's policies prohibit storing Facebook information in a public database. Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people's data."
  • Amazon, for its part, said: “AWS customers own and fully control their data. When we receive an abuse report concerning content that is not clearly illegal or otherwise prohibited, we notify the customer in question and ask that they take appropriate action, which is what happened here."

The big picture: This is, of course, just the latest scandal for Facebook surrounding user data. Earlier this year, the company acknowledged it had been storing some user passwords on its own servers in plaintext. And just yesterday it said it would halt the practice of asking some new users for their e-mail passwords as a means of verifying accounts.

What's next

Pelosi slams McConnell trial rules as "deliberately designed to hide the truth"

Photo: Mark Wilson/Getty Images

House Speaker Nancy Pelosi (D-Calif.) claimed in a statement Tuesday that the rules Senate Majority Leader Mitch McConnell (R-Ky.) has proposed for President Trump's impeachment trial diverge from the Clinton precedent and show he has "chosen a cover-up" over a fair trial.

Context: McConnell made public an organizing resolution Monday laying out the terms for the trial, which include 24 hours over two days for each side to present their cases. It would block evidence discovered in the House impeachment investigation from being presented without a separate vote, and would delay a vote on whether to subpoena witnesses and documents until later in the trial.

Setting the scene for Super Bowl LIV

Illustration: Sarah Grillo/Axios

After a grueling four months of football, Patrick Mahomes has led the Chiefs out of the darkness and into the Miami sun, where the 49ers football machine awaits them in the Super Bowl.

"The Gunslinger"

Mahomes is 24 years old, arguably the best player in football and he just toppled Tom Brady as the top seller of NFL merchandise. A star has already been born — now he has the biggest stage in sports to showcase his brilliance.

Go deeperArrow2 hours ago - Sports

Exclusive: The Athletic raises $50 million

Adam Hansmann (left) and Alex Mather (right), co-founders of The Athletic. Photo: Steph Gray, courtesy of The Athletic

The Athletic, a subscription-based digital sports media company, has raised $50 million in a Series D funding round, executives tell Axios.

  • With this investment, the company has raised a total of $139.5 million since its launch in 2016 and is valued at roughly $500 million after the new raise, according to sources familiar with the deal.
Go deeperArrow2 hours ago - Media