Facebook Devs Expose 540M User Records


Hundreds of millions of Facebook user records were exposed on cloud servers and publicly visible, according to reports.

Security firm UpGuard posted about the news on Wednesday (April 3).

“The UpGuard Cyber Risk team can now report that two more third-party developed Facebook app datasets have been found exposed to the public internet,” the post said.

“One, originating from the Mexico-based media company Cultura Colectiva, weighs in at 146 gigabytes and contains over 540 million records detailing comments, likes, reactions, account names, FB IDs and more. This same type of collection, in similarly concentrated form, has been cause for concern in the recent past, given the potential uses of such data.”

It’s not known how long the exposed data was available or visible, or who may have gotten to it, if anyone did at all. The data sets were both discovered on Amazon cloud servers, and all of the data was removed by Facebook after the company was notified about the problem.

“Facebook’s policies prohibit storing Facebook information in a public database,” a spokesperson for the company said. “Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people’s data.”

The exposure doesn’t appear to have been intentional, but it does highlight how much data Facebook third-party apps collect, and what that data is used for.

“Data about Facebook users has been spread far beyond the bounds of what Facebook can control today,” UpGuard researchers said. “Combine that plenitude of personal data with storage technologies that are often misconfigured for public access, and the result is a long tail of data about Facebook users that continues to leak.”

Facebook had a similar issue when the political data firm Cambridge Analytica got millions of users’ information through a seemingly harmless quiz. Since that scandal, the social media giant has reduced the number of apps that have access to user data.


