Sign up for our daily briefing

Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Denver news in your inbox

Catch up on the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Des Moines news in your inbox

Catch up on the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Minneapolis-St. Paul news in your inbox

Catch up on the most important stories affecting your hometown with Axios Twin Cities

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tampa Bay news in your inbox

Catch up on the most important stories affecting your hometown with Axios Tampa Bay

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Charlotte news in your inbox

Catch up on the most important stories affecting your hometown with Axios Charlotte

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Illustration: Aïda Amer/Axios

The tale of the latest Facebook data spill, announced Wednesday by security outfit Upguard, has a unique new twist: No one is shouldering responsibility for the half a billion user records that were exposed on a public server.

Driving the news: The story broke yesterday when Upguard reported it had found two troves of Facebook user data sitting on publicly accessible Amazon Web Services S3 "buckets" — cloud storage containers used mostly by backend programmers.

  • The first belonged to a Mexico-based media company, Cultura Colectiva, and contained 540 million user records.
  • The second contained a backup by the apparently defunct Facebook app "At the Pool," which, though much smaller, included more sensitive information, including plain text passwords for 22,000 users.

The data originated with Facebook. But Facebook maintains that fault lies not with its own practices but rather with the developers of the apps that carelessly stored their data.

  • "Facebook's policies prohibit storing Facebook information in a public database," the company told Axios. "Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people's data."

The data lived on Amazon's cloud servers. But Amazon says that responsibility for securing data stored with it lies with the companies that put it there.

  • AWS's S3 is like the internet's data warehouse. The programmers for tons of widely used apps and services use it as a cheap, flexible, on-demand source of storage. S3 buckets are set private by default but some are made publicly accessible so users can download data directly.
  • "AWS customers own and fully control their data," Amazon said. "When we receive an abuse report concerning content that is not clearly illegal or otherwise prohibited, we notify the customer in question and ask that they take appropriate action, which is what happened here."

The data was held by the app makers.

  • But one of them, "At the Pool," seems to be out of business.
  • The other, Cultura Colectiva, offered no apology in a statement that circulated among journalists on Twitter, but said that the data it was storing came from "the fanpages we manage" and was "public, not sensitive," information.

Our thought bubble: Everything these companies say may be correct, but none of it is satisfying.

  • App makers who are aggregating hundreds of millions of data points about their users owe it to them to protect the resulting databases from random downloaders, not leave them out like a stagnant data dump.
  • Amazon may reasonably let its customers decide whether data should be public or private. But it could also take more proactive measures to alert storage users about what information they've exposed to the whole internet. The world's biggest digital landlord has a role in cleaning up the dumps on its property.
  • Facebook rightly points out that it has tightened up its policies on sharing user data with app makers since last year's Cambridge Analytica debacle. But its lax privacy practices leaked user information to other companies for years. Incidents like this one will continue to erode public trust in Facebook until the company creates something like a digital Superfund to help clean up the messes it has made.

The bottom line: Facebook and Google have turned user data into advertising gold. But that data can also end up as garbage left out on the net in abandoned "buckets" for mischief-makers and criminals to pilfer. When that happens, "not our fault" won't reassure anyone.

Go deeper

26 mins ago - Podcasts

Podcast: After the Biden inaugural

Joe Biden was sworn in today as America's 46th president in an inauguration unlike any other in modern history.

Axios Re:Cap goes deeper into the speech, the atmosphere and what it all tells us about the incoming administration, with Axios political reporters Hans Nichols and Alexi McCammond.

Biden embarks on a consequential presidency

Photo illustration: Sarah Grillo/Axios. Photo: Joe Raedle/Getty Images

Donald Trump tried everything to delegitimize the rival who vanquished him. In reality, he's set Joe Biden on course to be a far more consequential U.S. president than he might otherwise have become.

The big picture: President Biden now confronts not just a pandemic, but massive political divisions and an assault on truth — and the aftermath of the assault on the Capitol two weeks ago that threatened democracy itself.

Updated 58 mins ago - Politics & Policy

Inauguration Day dashboard

U.S. Capitol and stage are lit at sunrise ahead of the inauguration of Joe Biden. Photo: Patrick Semansky - Pool/Getty Images

President Biden has delivered his inaugural address at the Capitol, calling for an end to the politics as total war but warning that "we have far to go" to heal the country.

What's next: Representatives from all branches of the military escort the 46th president to the White House.