Hey guys, guess what happened this week? I'll give you a hint, it involves Facebook. Come on, you'll never guess it.

Oh wait, your guess is that there was another data breach affecting millions of people? Congratulations. You're right, just like everyone else.

Reuters

Cybersecurity researchers hunting for data breaches uncovered two Amazon cloud servers earlier this year, storing Facebook data collected by two different third-party companies. You know, the kinds Facebook got in trouble for with Cambridge Analytica? Yeah, there were about 540 million records found, which means tens of millions of users could be affected.

Both servers were found by researchers from UpGuard, a California-based cyber-security firm. The first server, which contained most of the data, belonged to Cultura Colectiva, a Mexico-based platform. This 146GB server stored over 540 million records including things like user account names, Facebook IDs, comments, likes, reactions, and more.

The second AWS server stored data recorded by a Facebook game 'At the Pool', with similar data. It also however included things like photos, groups, user preferences for movies, music, books, and more, as well as 22,000 passwords.

"The passwords are presumably for the 'At the Pool' app rather than for the user's Facebook account, but would put users at risk who have reused the same password across accounts," UpGuard said.

Now, even if users allow third parties to collect their data, it's meant to be kept secure, which this was decidedly not. UpGuard said Cultura Colectiva didn't even bother to respond to their emails about the vulnerability, and Amazon didn't take down the server leaking data either despite being notified. It was only after UpGuard told Bloomberg, who contacted Facebook for the story, that Amazon acted, and that too only at Facebook's request.

At the very least, At The Pool's server was taken down before UpGuard could even identify the company behind it. However, the researchers don't know if there was a coincidence, or some sort of security lapse, or if someone else reported the breach to the company. Either way, the game is no longer active on Facebook, and it seems the company had previously shut down but left the data online.

Honestly, we shouldn't even be surprised at this point. Facebook has for years now failed at every turn when it comes to user privacy and security. It's hard to even stay mad because it's exhausting being incensed so often.

Which is stupid, because they have a large security team protecting from hackers and the like. So to be so lax with user data, which is just as important, is ludicrous. So many small companies that have collected user data over the years are now shutting down without deleting their stores, so user data is leaking left and right. But it should be up to Facebook to keep track of this and ensure the data is protected, not uninvolved cybersecurity researchers.

At this point, it's almost like Mark Zuckerberg has no more fun in life and is seeking thrills from seeing how much he can flout the law and piss on his users before he gets into trouble. And unless we as users start valuing our personal data more, companies like Facebook will keep getting away with data breaches without any consequence.