Details of More Than 540 Million Facebook Users Leaked on Easily Accessible Amazon Cloud Storage

The details of over 540 million Facebook users have been stored on an open and easy-accessible Amazon Cloud Storage server for months, reported multiple high-profile media outlets quoting a blog post published by a cyber-security research team based in Northern California. Roughly 150gb of data containing information such as ID numbers, and Facebook activity that includes comments, reactions and even account names gathered by a Mexico-based company named Cultura Colectiva, has been available for download by anyone who could find the files.

The database was taken down days after Bloomberg flagged the issue to Facebook. The cyber-security researchers brought it to the attention of Cultura Colectiva and Amazon, but both companies ignored their attempts for months. In a statement to Reuters, Facebook said that their “policies prohibit storing Facebook information in a public database” and reacted relatively quick in taking down the files. However, it is believed that the data have been sitting there for months and it is unknown how many times has been downloaded and who currently have access to it – a copy of the data may still be available somewhere on the internet.

In a comment to Reuters, Cultura Colectiva spokesperson said that “neither sensitive nor private data, like emails or passwords, were amongst” the details stored on the Amazon servers. They said that they’ve never had access to sensitive and personal information such as SSN, addresses, and drivers license numbers and the information that was in the data stored on Amazon was public anyway. However, they admitted that such data could be misused by third parties and they did not secure the data even though they knew that storing Facebook information on public databases is against the policies of the biggest social media network.

Even though Facebook reacted relatively quick into taking down the data, such data leaks should not be allowed to happen in the first place. The social media giant is still struggling to deal with the problems caused by allowing developers to collect massive amounts of data from app users. Since the Cambridge Analytica scandal, Facebook has been going through a whole lot of security issues, last month Mark Zuckerberg’s company accidentally exposed the passwords of roughly half billion Facebook and Instagram users to more than half of the company’s 36,000 employees worldwide. Here at Panda Security, we recommend you always to be protected, and to change your password at least once every three months, and to avoid reusing the same login details on multiple websites.