Millions of Facebook records exposed on public servers - report

[FearLess]

Facebook appears to have dropped the ball on privacy controls again after hundreds of millions of user records were exposed on public servers.

According to a report in the Guardian, cyber security researchers discovered 540 million Facebook records on public Amazon cloud servers.

"One, originating from the Mexico-based media company Cultura Colectiva, weighs in at 146 gigabytes and contains over 540 million records detailing comments, likes, reactions, account names, FB IDs and more," said UpGuard which reported the breach.

"This same type of collection, in similarly concentrated form, has been cause for concern in the recent past, given the potential uses of such data."
The company added that passwords for 22 000 users were stored in plain text, making them easy to read before the breach was plugged.

Facebook user data breaches

Facebook has come under pressure of its handling of user information.

In 2018, the massive social network was involved in a scandal after it emerged that political consultancy Cambridge Analytica was able to access millions of users.

The company singled out Amazon Web Services' (AWS) S3 cloud storage as responsible for facilitating the breach.

"Over four years, UpGuard has detected thousands of S3-related data breaches caused by the incorrect configuration of S3 security settings. Jeff Barr, Chief Evangelist for Amazon Web Services recently announced public access settings for S3 buckets, a new feature designed to help AWS customers stop the epidemic of data breaches caused by incorrect S3 security settings," UpGuard said.

The company argued that AWS makes it too easy for users to misconfigure its buckets and urged the giant to make data buckets private by default.

Changes

AWS announced a public flag for open buckets in 2017 and launched a machine learning service, Amazon Macie, to automatically protect data.

But while UpGuard applauded these changes, it argued that they may not enough - mainly because users continue to have the ability to set data buckets to public.

"Amazon's new S3 security features will likely have the same effect as their previous efforts: They will secure more buckets, but not all. For example, after the launch of the 'public' flag for open buckets and the email campaign to owners of those buckets in November 2017, we saw many buckets disappear. But we also saw many more buckets with sensitive information persist, and new ones created since then with sensitive, publicly accessible data."