Apr 3, 2019

Facebook data found on publicly accessible Amazon servers

Photo: Omar Marques/SOPA Images/LightRocket via Getty Images

Researchers found two third-party Facebook app developers had been storing user data on a publicly accessible Amazon Web Services server.

Why it matters: While Facebook itself wasn't directly to blame, this is yet another example of its customers' data being mishandled.

Details: Researchers at UpGuard found data from two firms containing Facebook user information and, in one of the cases, app passwords available for public download.

  • In the first case, 146 gigabytes of data containing 540 million records from Mexico-based media company Cultura Colectiva was stored in a publicly accessible Amazon S3 storage bucket and includes a variety of Facebook data, including user IDs, according to UpGuard.
  • Data from a second Facebook-integrated app, called "At the Pool," contained columns for a variety of Facebook categories including user ID, friends, likes, photos, checkins and more. There was also a category for password. Even if this was only the passwords for the app and not Facebook, many people reuse passwords across services.
  • Last March, in the wake of the Cambridge Analytica scandal, Facebook began limiting the amount of user data that third-party developers have access to.

What they're saying:

  • In a statement, Facebook told Axios that the developers were acting contrary to the company's policies, "Facebook's policies prohibit storing Facebook information in a public database. Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people's data."
  • Amazon, for its part, said: “AWS customers own and fully control their data. When we receive an abuse report concerning content that is not clearly illegal or otherwise prohibited, we notify the customer in question and ask that they take appropriate action, which is what happened here."

The big picture: This is, of course, just the latest scandal for Facebook surrounding user data. Earlier this year, the company acknowledged it had been storing some user passwords on its own servers in plaintext. And just yesterday it said it would halt the practice of asking some new users for their e-mail passwords as a means of verifying accounts.

Go deeper

Coronavirus dashboard

Illustration: Sarah Grillo/Axios

  1. Global: Total confirmed cases as of 1 p.m. ET: 691,867 — Total deaths: 32,988 — Total recoveries: 146,613.
  2. U.S.: Leads the world in cases. Total confirmed cases as of 1 p.m. ET: 125,433 — Total deaths: 2,201 — Total recoveries: 2,612.
  3. Federal government latest: The first federal prisoner to die from coronavirus was reported from a correctional facility in Louisiana on Sunday.
  4. Public health updates: Fauci says 100,000 to 200,000 Americans could die from virus.
  5. State updates: Louisiana governor says state is on track to exceed ventilator capacity by end of this week — Cuomo says Trump's mandatory quarantine comments "really panicked" people
  6. World updates: Italy reported 756 new deaths, bringing its total 10,779. Spain reported almost 840 dead, another new daily record, bringing its total to over 6,500.
  7. What should I do? Answers about the virus from Axios expertsWhat to know about social distancingQ&A: Minimizing your coronavirus risk
  8. Other resources: CDC on how to avoid the virus, what to do if you get it.

Subscribe to Mike Allen's Axios AM to follow our coronavirus coverage each morning from your inbox.

Cuomo: Trump's mandatory quarantine comments "really panicked people"

New York Gov. Andrew Cuomo said in a press conference Sunday that President Donald Trump's unexpected Saturday announcement of a possible "short-term" quarantine of New York, New Jersey and parts of Connecticut to curb the spread of the coronavirus "really panicked people."

Why it matters: Though Trump ruled out the mandatory quarantine later that day, Cuomo said people still called "all night long" asking about the comments and many likely fled the New York area — possibly spreading the virus further.

Go deeperArrow34 mins ago - Health

U.S. coronavirus updates: Fauci suggests death toll could top 100,000

Data: The Center for Systems Science and Engineering at Johns Hopkins; Map: Andrew Witherspoon/Axios

Anthony Fauci, director of the National Institute of Allergy and Infectious Diseases, said on CNN Sunday that models suggest COVID-19 will infect millions of Americans and could kill 100,000–200,000, though he stressed that the projections are "such a moving target."

The big picture: With more than 121,000 people infected, the U.S. has the most COVID-19 cases in the world, exceeding China and Italy, per data from Johns Hopkins. A second wave of American cities, including Boston, Detroit, New Orleans and Philadelphia, reported influxes of cases on Saturday.

Go deeperArrowUpdated 1 hour ago - Health