Sign up for our daily briefing

Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on the day's biggest business stories

Subscribe to Axios Closer for insights into the day’s business news and trends and why they matter

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Stay on top of the latest market trends

Subscribe to Axios Markets for the latest market trends and economic insights. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Sports news worthy of your time

Binge on the stats and stories that drive the sports world with Axios Sports. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tech news worthy of your time

Get our smart take on technology from the Valley and D.C. with Axios Login. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Get the inside stories

Get an insider's guide to the new White House with Axios Sneak Peek. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Denver news?

Get a daily digest of the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Des Moines news?

Get a daily digest of the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Twin Cities news?

Get a daily digest of the most important stories affecting your hometown with Axios Twin Cities

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Tampa Bay news?

Get a daily digest of the most important stories affecting your hometown with Axios Tampa Bay

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Charlotte news?

Get a daily digest of the most important stories affecting your hometown with Axios Charlotte

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Illustration: Aïda Amer/Axios

The tale of the latest Facebook data spill, announced Wednesday by security outfit Upguard, has a unique new twist: No one is shouldering responsibility for the half a billion user records that were exposed on a public server.

Driving the news: The story broke yesterday when Upguard reported it had found two troves of Facebook user data sitting on publicly accessible Amazon Web Services S3 "buckets" — cloud storage containers used mostly by backend programmers.

  • The first belonged to a Mexico-based media company, Cultura Colectiva, and contained 540 million user records.
  • The second contained a backup by the apparently defunct Facebook app "At the Pool," which, though much smaller, included more sensitive information, including plain text passwords for 22,000 users.

The data originated with Facebook. But Facebook maintains that fault lies not with its own practices but rather with the developers of the apps that carelessly stored their data.

  • "Facebook's policies prohibit storing Facebook information in a public database," the company told Axios. "Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people's data."

The data lived on Amazon's cloud servers. But Amazon says that responsibility for securing data stored with it lies with the companies that put it there.

  • AWS's S3 is like the internet's data warehouse. The programmers for tons of widely used apps and services use it as a cheap, flexible, on-demand source of storage. S3 buckets are set private by default but some are made publicly accessible so users can download data directly.
  • "AWS customers own and fully control their data," Amazon said. "When we receive an abuse report concerning content that is not clearly illegal or otherwise prohibited, we notify the customer in question and ask that they take appropriate action, which is what happened here."

The data was held by the app makers.

  • But one of them, "At the Pool," seems to be out of business.
  • The other, Cultura Colectiva, offered no apology in a statement that circulated among journalists on Twitter, but said that the data it was storing came from "the fanpages we manage" and was "public, not sensitive," information.

Our thought bubble: Everything these companies say may be correct, but none of it is satisfying.

  • App makers who are aggregating hundreds of millions of data points about their users owe it to them to protect the resulting databases from random downloaders, not leave them out like a stagnant data dump.
  • Amazon may reasonably let its customers decide whether data should be public or private. But it could also take more proactive measures to alert storage users about what information they've exposed to the whole internet. The world's biggest digital landlord has a role in cleaning up the dumps on its property.
  • Facebook rightly points out that it has tightened up its policies on sharing user data with app makers since last year's Cambridge Analytica debacle. But its lax privacy practices leaked user information to other companies for years. Incidents like this one will continue to erode public trust in Facebook until the company creates something like a digital Superfund to help clean up the messes it has made.

The bottom line: Facebook and Google have turned user data into advertising gold. But that data can also end up as garbage left out on the net in abandoned "buckets" for mischief-makers and criminals to pilfer. When that happens, "not our fault" won't reassure anyone.

Go deeper

In photos: Twin Cities on edge after Daunte Wright shooting

Demonstrators shout "Don't shoot" at the police after curfew on April 12 as they protest the death of Daunte Wright, who was shot and killed by a police officer in Brooklyn Center, Minnesota, a day earlier. Photo: Kerem Yucel/AFP via Getty Images

There were tense scenes in the Twin Cities suburb of Brooklyn Center Monday night, after demonstrators defied a 7 p.m. curfew to protest for a second night the fatal police shooting of Daunte Wright.

The big picture: The curfew was announced following a night of protests and unrest over the killing of Wright, 20, during a traffic stop Sunday. Following peaceful protests and a daytime vigil, police again deployed tear gas during clashes with protesters Monday night, according to reporters on the scene.

In photos: Life along the U.S.-Mexico border

Children at the border of the Puerto de Anapra colonia of Ciudad Juárez, Mexico, hang on a border fence and look to Sunland Park, N.M. Photo: Russell Contreras/Axios

Axios traveled to McAllen and El Paso, Texas, and Ciudad Juárez, Mexico, to see how the communities are responding to an increase of migrants from Central America.

Of note: The region in South and West Texas are among the poorest in the nation and rarely are the regions covered in depth beyond the soundbites and press conference. Axios reporters Stef Kight and Russell Contreras walked the streets of McAllen, El Paso, Texas, and Ciudad Juárez to record images that struck them.

Updated 3 hours ago - Axios Twin Cities

Police: Officer who shot Daunte Wright accidentally pulled gun instead of Taser

The officer who fatally shot Daunte Wright, a 20-year-old Black man, outside Minneapolis Sunday appeared to have inadvertently pulled out her gun instead of a Taser, police said.

What's new: Officials on Monday night identified the officer involved in the shooting as Kim Potter, who has been with the Brooklyn Center Police Department for 26 years.