Researchers Find 540 Million Facebook User Records on Exposed Servers
Security researchers have found hundreds of millions of Facebook user records sitting on an inadvertently public storage server.
The two batches of user records were collected and exposed from two third-party companies, according to researchers at security firm UpGuard, who found the data.
In the researchers' write-up, Mexico-based digital media company Cultura Colectiva left more than 540 million records — including comments, likes, reactions, account names and more — stored on the Amazon S3 storage server without a password, allowing anyone to access the data. Another backup file on a separate storage server by defunct California-based app maker At The Pool contained even more sensitive data, including scraped information on more than 22,000 users, such as a user's friends lists, interests, photos, group memberships and check-ins.
According to UpGuard, neither company responded to requests to have the data removed. Facebook contacted Amazon to pull the data offline, a Facebook spokesperson told TechCrunch.
"Facebook's policies prohibit storing Facebook information in a public database," said the spokesperson. Facebook said there is no evidence yet to show the data has been misused but that it was investigating.
[...] "Storing personal information collected from end users is a liability," said [director of cyber risk research at UpGuard, Chris] Vickery. "The more you have, the greater that liability becomes."
At what point will we see Facebook actually take protection of users' info seriously?
(Score: 1, Funny) by aristarchus on Thursday April 04 2019, @08:07AM
Thank goodness none of them were mine! What kind of idiot would have a Facebook account, anyway? Takyon?
(Score: 2) by black6host on Thursday April 04 2019, @08:11AM (1 child)
When it behooves them to do so, financially speaking.
So, the question becomes: What can we do to make that a reality?
(Score: 1, Interesting) by Anonymous Coward on Thursday April 04 2019, @08:33AM
Or when Congress fines the fuck out of them for violating their 2011 consent decree. That will not only get FB's attention, it will result in some long term, heavy handed governmental oversight.
(Score: 4, Insightful) by bradley13 on Thursday April 04 2019, @08:59AM (2 children)
One of the few really good things the EU parliament has done. If European users are affected, the companies can face massive fines over carelessness like this.
If you take privacy seriously, then you need laws like the GDPR that allow people to control what is done with their data, and that have serious penalties for abuse or carelessness.
Everyone is somebody else's weirdo.
(Score: 3, Interesting) by c0lo on Thursday April 04 2019, @10:33AM
Question is: will they?
540M records - some are bound to belong to Europeans.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2, Insightful) by Anonymous Coward on Thursday April 04 2019, @06:21PM
Which company faces the fine? Neither DB "belonged" to Facebook directly, and it seems both of the companies involved no longer exist. It would be interesting if Amazon were somehow found liable as well - though the implications of that would just about kill the internet.
(Score: 1, Funny) by Anonymous Coward on Thursday April 04 2019, @09:47AM (3 children)
Are exposed servers something like naked waiters?
(Score: 2) by acid andy on Thursday April 04 2019, @01:01PM
A little, although generally speaking you'll find them less curvy, more chafy, but, in the fleeting time window that exists before they become infested with ransomware, they seldom ask you for tips. Whilst still inside that glorious, uninfected time window, they are generally also much faster than the waiters who, as their name implies, often leave you waiting.
If a cat has kittens, does a rat have rittens, a bat bittens and a mat mittens?
(Score: 0) by Anonymous Coward on Thursday April 04 2019, @01:20PM
And at which restaurant can one get naked waiters?
(Score: 2) by VLM on Thursday April 04 2019, @02:20PM
Hooters DevOps
(Score: 4, Insightful) by Anonymous Coward on Thursday April 04 2019, @12:53PM (1 child)
When theZuck is facing jail time or his personal fortune is at risk of confiscation for these security breaches.
But as long as theZuck has no jail time prospect and no at-risk personal fortune, nothing will change.
(Score: 2) by DeathMonkey on Thursday April 04 2019, @06:02PM
Elizabeth Warren agrees with you!
Elizabeth Warren: Corporate executives must face jail time for overseeing massive scams [washingtonpost.com]
Sen. Elizabeth Warren unveils a bill to make it easier to jail executives for company abuses [cnbc.com]
(Score: 3, Insightful) by VLM on Thursday April 04 2019, @02:21PM (1 child)
The specific trivial technologies change, but the pattern of security failures has remained the same for decades.
I'm not even sure there's a point to putting effort into being "up to date" with security issues when the same problems have existed for decades.
(Score: 2) by Freeman on Thursday April 04 2019, @04:12PM
In my current job, I have many hats so to speak. One activity led me to a configuration file for a web service. Someone had created a user and password for the service, but they also left the default user and password in the configuration file. I fixed that. At least it was better than not needing a password to log in.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 2) by nobu_the_bard on Thursday April 04 2019, @08:33PM
What should Facebook have been doing about this breach at a third party to prevent this? Some kind of policy of requiring companies store the data in specific ways?
I'm not accusing. I am ignorant and do not know, and want to hear about that, instead of just "Facebook should do something."