Apr 3, 2019

Facebook data found on publicly accessible Amazon servers

Photo: Omar Marques/SOPA Images/LightRocket via Getty Images

Researchers found two third-party Facebook app developers had been storing user data on a publicly accessible Amazon Web Services server.

Why it matters: While Facebook itself wasn't directly to blame, this is yet another example of its customers' data being mishandled.

Details: Researchers at UpGuard found data from two firms containing Facebook user information and, in one of the cases, app passwords available for public download.

  • In the first case, 146 gigabytes of data containing 540 million records from Mexico-based media company Cultura Colectiva was stored in a publicly accessible Amazon S3 storage bucket and includes a variety of Facebook data, including user IDs, according to UpGuard.
  • Data from a second Facebook-integrated app, called "At the Pool," contained columns for a variety of Facebook categories including user ID, friends, likes, photos, checkins and more. There was also a category for password. Even if this was only the passwords for the app and not Facebook, many people reuse passwords across services.
  • Last March, in the wake of the Cambridge Analytica scandal, Facebook began limiting the amount of user data that third-party developers have access to.

What they're saying:

  • In a statement, Facebook told Axios that the developers were acting contrary to the company's policies, "Facebook's policies prohibit storing Facebook information in a public database. Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people's data."
  • Amazon, for its part, said: “AWS customers own and fully control their data. When we receive an abuse report concerning content that is not clearly illegal or otherwise prohibited, we notify the customer in question and ask that they take appropriate action, which is what happened here."

The big picture: This is, of course, just the latest scandal for Facebook surrounding user data. Earlier this year, the company acknowledged it had been storing some user passwords on its own servers in plaintext. And just yesterday it said it would halt the practice of asking some new users for their e-mail passwords as a means of verifying accounts.

Go deeper

Coronavirus updates: California monitors 8,400 potential cases

Data: The Center for Systems Science and Engineering at Johns Hopkins, the CDC, and China's Health Ministry. Note: China numbers are for the mainland only and U.S. numbers include repatriated citizens.

33 people in California have tested positive for the coronavirus, and health officials are monitoring 8,400 people who have recently returned from "points of concern," Gov. Gavin Newsom said Thursday.

The big picture: COVID-19 has killed more than 2,800 people and infected over 82,000 others in some 50 countries and territories. The novel coronavirus is now affecting every continent but Antarctica, and the WHO said Wednesday the number of new cases reported outside China has exceeded those inside the country for the first time.

Go deeperArrowUpdated 22 mins ago - Health

Wall Street falls into correction territory as coronavirus rout intensifies

A trader on the floor of the New York Stock Exchange. Photo: Johannes Eisele/AFP via Getty Images

The S&P 500, Dow Jones and Nasdaq all entered correction territory on Thursday, down 10% from their recent record highs amid a global market rout that began earlier this week.

The big picture: Stocks fell 3% for a time on Thursday, extending the market’s worst week since the financial crisis in 2008 following a spike in coronavirus cases around the world, according to CNBC.

Watchdog opens probe into VA secretary over handling of sexual assault claim

VA Secretary Robert Wilkie on Fox Business Network’s "The Evening Edit" on Jan. 7. Photo: Steven Ferdman/Getty Images

The Department of Veterans Affairs Inspector General Michael Missal said Thursday he had opened an investigation into VA Secretary Robert Wilkie after lawmakers demanded an inquiry into his handling of a sexual misconduct report, the Washington Post reports.

Context: Wilkie allegedly "worked to discredit" the credibility of Democratic aide and veteran Andrea Goldstein after she reported last fall "that a man groped and propositioned her in the main lobby of the agency's D.C. Medical Center," a senior VA official told the Post.