The cybersecurity firm UpGuarrd discovered that two third-party Facebook app developers had stored hundreds of millions of user records on Amazon’s publicly accessible cloud computing servers.
The biggest violator of the two is Mexican digital publisher Cultura Colectiva. The data they stored amounts to 146 gigabytes of data (more than 540 million records), comments, likes, reactions, account names, FB IDs and more. The other, a Los Angeles-based social network app called The Pool Party, had a database of names, email addresses, photos, friends lists and likes of 22,000 additional users.
Cultura Colectiva and Amazon Web Services were made aware of the issue in January, but it wasn’t until Bloomberg contacted Facebook for a comment on April 3rd, 2019, that measures were taken to secure the exposed data by taking the databases down.
Facebook has stated that its policies “prohibit storing Facebook information in a public database.” This, however, is no excuse and shows that Facebook has difficulties with keeping third-party developers in check as they must ensure that they apply the same or even greater safeguard mechanisms to keep user data safe.