Illustration: Aïda Amer/Axios

The tale of the latest Facebook data spill, announced Wednesday by security outfit Upguard, has a unique new twist: No one is shouldering responsibility for the half a billion user records that were exposed on a public server.

Driving the news: The story broke yesterday when Upguard reported it had found two troves of Facebook user data sitting on publicly accessible Amazon Web Services S3 "buckets" — cloud storage containers used mostly by backend programmers.

  • The first belonged to a Mexico-based media company, Cultura Colectiva, and contained 540 million user records.
  • The second contained a backup by the apparently defunct Facebook app "At the Pool," which, though much smaller, included more sensitive information, including plain text passwords for 22,000 users.

The data originated with Facebook. But Facebook maintains that fault lies not with its own practices but rather with the developers of the apps that carelessly stored their data.

  • "Facebook's policies prohibit storing Facebook information in a public database," the company told Axios. "Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people's data."

The data lived on Amazon's cloud servers. But Amazon says that responsibility for securing data stored with it lies with the companies that put it there.

  • AWS's S3 is like the internet's data warehouse. The programmers for tons of widely used apps and services use it as a cheap, flexible, on-demand source of storage. S3 buckets are set private by default but some are made publicly accessible so users can download data directly.
  • "AWS customers own and fully control their data," Amazon said. "When we receive an abuse report concerning content that is not clearly illegal or otherwise prohibited, we notify the customer in question and ask that they take appropriate action, which is what happened here."

The data was held by the app makers.

  • But one of them, "At the Pool," seems to be out of business.
  • The other, Cultura Colectiva, offered no apology in a statement that circulated among journalists on Twitter, but said that the data it was storing came from "the fanpages we manage" and was "public, not sensitive," information.

Our thought bubble: Everything these companies say may be correct, but none of it is satisfying.

  • App makers who are aggregating hundreds of millions of data points about their users owe it to them to protect the resulting databases from random downloaders, not leave them out like a stagnant data dump.
  • Amazon may reasonably let its customers decide whether data should be public or private. But it could also take more proactive measures to alert storage users about what information they've exposed to the whole internet. The world's biggest digital landlord has a role in cleaning up the dumps on its property.
  • Facebook rightly points out that it has tightened up its policies on sharing user data with app makers since last year's Cambridge Analytica debacle. But its lax privacy practices leaked user information to other companies for years. Incidents like this one will continue to erode public trust in Facebook until the company creates something like a digital Superfund to help clean up the messes it has made.

The bottom line: Facebook and Google have turned user data into advertising gold. But that data can also end up as garbage left out on the net in abandoned "buckets" for mischief-makers and criminals to pilfer. When that happens, "not our fault" won't reassure anyone.

Go deeper

Ina Fried, author of Login
20 mins ago - Technology

Amazon wants to flood America with Alexa cameras and microphones

Photo: Amazon

In a Thursday event unveiling a slew of new home devices ahead of the holidays, Amazon made clearer than ever its determination to flood America with cameras, microphones and the voice of Alexa, its AI assistant.

The big picture: Updating popular products and expanding its range to car alarms and in-home drones, Amazon extended its lead in smart home devices and moved into new areas including cloud gaming and car security. The new offerings will also fuel criticism that the tech giant is helping equip a society built around surveillance.

Ben Geman, author of Generate
1 hour ago - Energy & Environment

Oil's turbulent long-term future

Illustration: Aïda Amer/Axios

The oil sector is facing risks from all sides.

Why it matters: Risk in the industry is nothing new. But these are especially turbulent and uncertain times. The industry's market clout has waned, the future of demand is kind of a mystery, and future U.S. policy is too, just to name three.

Meadows on Wray's voter fraud dismissal: "He has a hard time finding emails in his own FBI"

White House chief of staff Mark Meadows dismissed FBI Director Chris Wray's testimony that the U.S. has never historically seen evidence of widespread voter fraud, including by mail, during an appearance on "CBS This Morning" on Friday.

Why it matters: Meadows' statement highlights the Trump administration's strategy to sow doubt in November's election results by challenging the legitimacy of mail-in ballots, which are expected to skew heavily in Democrats' favor.

Get Axios AM in your inbox

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Subscription failed
Thank you for subscribing!