Sign up for our daily briefing

Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on the day's biggest business stories

Subscribe to Axios Closer for insights into the day’s business news and trends and why they matter

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Stay on top of the latest market trends

Subscribe to Axios Markets for the latest market trends and economic insights. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Sports news worthy of your time

Binge on the stats and stories that drive the sports world with Axios Sports. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tech news worthy of your time

Get our smart take on technology from the Valley and D.C. with Axios Login. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Get the inside stories

Get an insider's guide to the new White House with Axios Sneak Peek. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Denver news?

Get a daily digest of the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Des Moines news?

Get a daily digest of the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Twin Cities news?

Get a daily digest of the most important stories affecting your hometown with Axios Twin Cities

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Tampa Bay news?

Get a daily digest of the most important stories affecting your hometown with Axios Tampa Bay

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Charlotte news?

Get a daily digest of the most important stories affecting your hometown with Axios Charlotte

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Sign up for Axios NW Arkansas

Stay up-to-date on the most important and interesting stories affecting NW Arkansas, authored by local reporters

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Illustration: Aïda Amer/Axios

The tale of the latest Facebook data spill, announced Wednesday by security outfit Upguard, has a unique new twist: No one is shouldering responsibility for the half a billion user records that were exposed on a public server.

Driving the news: The story broke yesterday when Upguard reported it had found two troves of Facebook user data sitting on publicly accessible Amazon Web Services S3 "buckets" — cloud storage containers used mostly by backend programmers.

  • The first belonged to a Mexico-based media company, Cultura Colectiva, and contained 540 million user records.
  • The second contained a backup by the apparently defunct Facebook app "At the Pool," which, though much smaller, included more sensitive information, including plain text passwords for 22,000 users.

The data originated with Facebook. But Facebook maintains that fault lies not with its own practices but rather with the developers of the apps that carelessly stored their data.

  • "Facebook's policies prohibit storing Facebook information in a public database," the company told Axios. "Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people's data."

The data lived on Amazon's cloud servers. But Amazon says that responsibility for securing data stored with it lies with the companies that put it there.

  • AWS's S3 is like the internet's data warehouse. The programmers for tons of widely used apps and services use it as a cheap, flexible, on-demand source of storage. S3 buckets are set private by default but some are made publicly accessible so users can download data directly.
  • "AWS customers own and fully control their data," Amazon said. "When we receive an abuse report concerning content that is not clearly illegal or otherwise prohibited, we notify the customer in question and ask that they take appropriate action, which is what happened here."

The data was held by the app makers.

  • But one of them, "At the Pool," seems to be out of business.
  • The other, Cultura Colectiva, offered no apology in a statement that circulated among journalists on Twitter, but said that the data it was storing came from "the fanpages we manage" and was "public, not sensitive," information.

Our thought bubble: Everything these companies say may be correct, but none of it is satisfying.

  • App makers who are aggregating hundreds of millions of data points about their users owe it to them to protect the resulting databases from random downloaders, not leave them out like a stagnant data dump.
  • Amazon may reasonably let its customers decide whether data should be public or private. But it could also take more proactive measures to alert storage users about what information they've exposed to the whole internet. The world's biggest digital landlord has a role in cleaning up the dumps on its property.
  • Facebook rightly points out that it has tightened up its policies on sharing user data with app makers since last year's Cambridge Analytica debacle. But its lax privacy practices leaked user information to other companies for years. Incidents like this one will continue to erode public trust in Facebook until the company creates something like a digital Superfund to help clean up the messes it has made.

The bottom line: Facebook and Google have turned user data into advertising gold. But that data can also end up as garbage left out on the net in abandoned "buckets" for mischief-makers and criminals to pilfer. When that happens, "not our fault" won't reassure anyone.

Go deeper

28 U.S. citizens depart Afghanistan on Qatar Airways flight

Passengers board a Qatar Airways aircraft bound to Qatar at the airport in Kabul on September 10, 2021. Photo: Aamir Qureshi/AFP via Getty Images

The State Department on Saturday confirmed that a Qatar Airways charter flight left Kabul on Friday with 28 U.S. citizens and seven lawful permanent residents on board.

The big picture: Friday's flight is the third such airlift by Qatar Airways since the Taliban takeover of Afghanistan, AP reports.

Updated 1 hour ago - Politics & Policy

Smaller than expected "Justice for J6" rally met with large police presence

Police officers watch as demonstrators gather for the "Justice for J6" rally in Washington, D.C., on Sept. 18, 2021. Photo: Andrew Caballero-Reynolds/AFP via Getty Images

A few hundred demonstrators were met by a heavy law enforcement presence on Saturday at the "Justice for J6" rally outside the fenced-off U.S. Capitol, AP reports.

The latest: Four people were arrested at the rally, including one person with a gun, one with a knife and two with outstanding warrants, per the U.S. Capitol Police.

DHS to increase deportation flights to Haiti from Del Rio

Migrants walk across the Rio Grande River carrying supplies back to a makeshift encampment under the international bridge between Del Rio, Texas, and Acuña, Mexico. Officials are struggling to provide food, water, shelter and sanitation, forcing migrants to cross the Rio Grande several times per day for basic necessities. Photo: Jordan Vonderhaar via Getty Images

The Department of Homeland Security on Saturday announced plans to ramp up deportation flights to Haiti out of the small Texas border town Del Rio, starting as soon as Sunday.

Why it matters: Reports have emerged of more than 10,000 migrants, primarily from Haiti, crowded in a temporary camp under the international bridge in Del Rio. Hoping to find refuge in the United States, they've had to bear with filthy conditions and the scorching sun for days, per an NBC News affiliate.