Data on 540 million Facebook users exposed

  • Published
Man looking at FacebookImage source, Reuters
Image caption,
The exposed data was gathered from visitors to Facebook pages for a Mexican digital publisher

Detailed information about more than 540 million Facebook users was left publicly viewable for months, a security firm has found.

UpGuard found the massive cache of data on unsecured Amazon servers used by a Mexican social media firm.

The information came from visitors to Cultura Colectiva's Facebook pages and included account names, ID numbers, comments and reactions.

Facebook said the data had now been removed from the servers.

Cultura Colectiva said the data it amassed came from interactions with users via its various Facebook pages. All the same information would be available to anyone that looked at those public pages, it added.

No private data such as emails or passwords were stored, because Cultura Colectiva did not have access to that information, it said.

"We are aware of the potential uses of data in current times, so we have reinforced our security measures to protect the data and privacy of our Facebook fanpages' users," it told Reuters.

Facebook said that Amazon helped it remove the data once UpGuard flagged that it was available. Also removed was a smaller database of more than 22,000 people amassed by a separate firm that listed names, passwords and email addresses.

The social network said its policies prohibited Facebook data being stored in publicly-accessible databases.

UpGuard found the data about the Facebook users as part of regular checks it carries out on Amazon S3 servers that have inadvertently exposed databases. Its latest survey found seven other instances that exposed:

  • trade secrets from hosting firm GoDaddy
  • passwords and crypto keys for internet provider Pocket Inet
  • 14 million Verizon customer records
  • critical data for Viacom applications
  • records of 1.8 million Chicago voters

The accidental sharing of data about Facebook users is the latest in a long series of incidents that have exposed sensitive or personal information.

In late March, Facebook found that the passwords of about 600 million users were stored internally in plain text for months.

In September 2018, information on 50 million users was exposed by a security flaw.

And earlier last year, Facebook revealed that data on millions of users had been harvested by data science company Cambridge Analytica.