History repeats itself and it seems that the same has been happening with Facebook. In the latest series of events security researchers have found hundreds of millions of Facebook user records sitting on an inadvertently public storage server, as reported by Wired. It has hardly been a year since the Cambridge Analytica fiasco exposed Facebook’s lax attitude and it seems that the social media giant is yet again in the midst of another controversy regarding data exposure.
As per the report, researchers from UpGrad have found two batches of users’ data exposing millions of users—their likes, interests and comments. This latest development again puts Facebook in the docks and raises some serious questions about its control over data that it shares with third parties.
After the Cambridge Analytica fiasco, Facebook vowed to crack down on data access and take steps to audit app developers who have access to the mass quantity of data.
The report adds that the one of the exposed databases belonged to Mexico-based Cultura Colectiva and it stored some 146 gigabytes of data, which includes 540 million records — including comments, likes, reactions, account names and more. The company was alerted by UpGuard in January this year, but UpGuard received no response from the company.
Speaking about the data breach, one spokesperson of Facebook said, “Facebook’s policies prohibit storing Facebook information in a public database. Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people’s data.”
The other database that lies exposed belonged to an app called ‘At the Pool’. While this database is smaller, it still contained plaintext user passwords for 22,000 users.
According to UpGuard:
“The passwords are presumably for the ‘At the Pool’ app rather than for the user’s Facebook account but would put users at risk who have reused the same password across accounts.”
This latest case of data breach comes amidst Mark Zuckerberg’s plans of a new privacy-focused social media platform in which messages that users ashare are encrypted and the content is ephemeral.