Facebook has been dealing with a number of privacy breaches in recent months and it seems another one could be brewing. New reports indicate that app developers on the platform may have left hundreds of millions of user records exposed on cloud serves.
According to research from security firm UpGuard, much of these records came from Mexican media company Cultura Colectiva. The firm said that a 146 GB data set analyzed contained crucial user records including activity on Facebook, account names, and Facebook IDs.
How Many Accounts Did This Leak Affect?
The Facebook app developers leak may have compromised over 540 million records. Another similar incident was also reported, this time relating to an app called “At the Pool.” Although the breach on the app wasn’t nearly as huge as the one associated with Cultura Colectiva, it may have compromised over 22,000 user passwords.
The extent of this Facebook app developers leak is still not yet known. Right now, we don’t know for long the data was publicly available, or whether it may have been obtained by other third parties for malicious purposes.
UpGuard noted that they found the public data on Amazon cloud servers. They notified Facebook and the company corrected the issue. According to Facebook’s own policies, user information should never be stored on public databases.
A statement released by a representative from the company also confirmed that Facebook took immediate action once it was notified about the breach. Facebook also said that it will work with developers to guarantee user data protection.
In this Facebook app developers leak, it looks like the issue happened by mistake. There is no evidence to suggest that it may have been something malicious. But there are still a few unanswered questions. For example, did someone else access public information? What action is Facebook taking to make sure that all affected users are not compromised?
UpGuard stated in its report that user’s data on Facebook has been spread way beyond the “bounds of what Facebook can control.” This is also not the first time the security firm has highlighted such leaks on Amazon servers. They have reported other similar cases in the past.
What is Facebook Doing to Stop This From Happening Again?
One thing Facebook has done is to act swiftly. As soon as news of the Facebook app developers leak broke, the social media company moved to close the affected database immediately. However, there are still a few shortcomings on how they handled the incident in the first place.
UpGuard says that it sent an email to Cultura Colectiva highlighting the issue and it didn’t get any response. The security company followed up the email four days later, and yet there was no response. The firm then decided to reach Amazon Web Services and this time there was finally a response.
Amazon Web Services said in its reply that they had notified Facebook on the issue and added that it was looking into how it came to happen.
Interestingly though, it took over a month for Facebook to deal with the issue. This was extremely slow. A month is a long time and with such sensitive data being public, the outcomes could have been worse.
What to Do As a Facebook User
In case you suspect that your data may have been compromised in this Facebook app developers leak, one thing you can do is to change your password.
But we also know that the breach was related to third-party developers. It is increasingly clear that Facebook may not have any control whatsoever on how these third-party apps handle user data. In that case, you must be very careful about how you use such apps.
If you really don’t have to use them, a good rule would be steering clear as much as possible. Finally, try to develop a security-aware culture.
Let us know in the comment’s section down below if you have any question!
