Apr 5, 2019

Written on the 5 April 2019 by David Simmons The UpGuard Cyber Risk Team has discovered that two third-party developed Facebook app datasets have been found exposed online. One of these, originating from Mexican media company Cultura Colectiva, contains over 540 million records detailing comments, likes, reactions, account names, Facebook IDs, and more. A separate backup from a Facebook-integrated app called 'At the Pool' was also found to be vulnerable online. This dataset contained user information including likes, checkins, groups, interests, passwords, and ID data for 22,000 users of the 'At the Pool' app. UpGuard says in a blog post that these types of breaches demonstrate Facebook's lack of control over user data. "As Facebook faces scrutiny over its data stewardship practices, they have made efforts to reduce third party access. But as these exposures show, the data genie cannot be put back in the bottle," says UpGuard. "Data about Facebook users has been spread far beyond the bounds of what Facebook can control today. Combine that plenitude of personal data with storage technologies that are often misconfigured for public access, and the result is a long tail of data about Facebook users that continues to leak." Concerningly, it took Facebook nearly two months to secure the data from the Cultura Colectiva leak despute UpGuard alerting the social media giant to the leak. "These two situations speak to the inherent problem of mass information collection: the data doesn't naturally go away, and a derelict storage location may or may not be given the attention it requires," says UpGuard.