Cybersecurity sleuths at UpGuard have discovered a huge repository of Facebook records exposed on the public internet. The exposed records consisted of datasets from two third-party apps that used Facebook’s records.
UpGuard has confirmed that one of the datasets that lay exposed publicly belonged to a Mexico-based media company called Cultura Colectiva. This dataset had over 146 GB of data which consisted of over 540 million records. These records included details like comments, likes, reactions, account names, FB IDs and more.
Another leak was linked to a separate backup from a Facebook-integrated app called At the Pool. The database was found to be exposed to the internet via an Amazon S3 bucket. This database backup contained sensitive details such as users’ friend lists, interests, group memberships, photos, and check-ins. It held information on about 22,000 Facebook users and also included passwords. These passwords, however, were probably for the At the Pool app rather than for the users’ Facebook accounts.
While the At the Pool database was pulled offline during UpGuard’s investigation, the company reported that Cultura Colectiva failed to respond to its emails notifying the media company of the exposed data. The security company then approached Amazon, as the data was stored in Amazon’s S3 cloud storage. The database was taken down only recently, presumably when Facebook intervened.