540 Million Facebook Profiles Exposed by 2 Insecure Databases

It can be hard to keep all the Facebook security and privacy breaches straight — there was just one earlier today, in fact. There’s already another leak of personal Facebook data, but this one didn’t come directly from Facebook. Researchers from cybersecurity firm UpGuard report that two unsecured databases exposed the data from more than 540 million Facebook users.

According to UpGuard, the larger of the two databases belongs to a Mexican media company called Cultura Colectiva. It contains 146GB of user data including comments, likes, reactions, names, Facebook user IDs, and more. The other database comes from a now-defunct Facebook app called “At the Pool.” This one had 22,000 passwords stored in plain text associated with user accounts. These were the passwords to At the Pool rather than Facebook, but it’s likely many of those users chose the same password they used on Facebook.

Both databases were in wide-open Amazon S3 buckets that virtually anyone could access. UpGuard may not have been the first to find them for all we know. UpGuard notified Cultura Colectiva several times, but it failed to even acknowledge messages from UpGuard itself and Amazon. The data from those 540 million accounts remained available from early this year until just a few days ago when Facebook intervened with Amazon and had the database secured. Meanwhile, the At the Pool database went offline while UpGuard was still investigating, possibly because of a hosting lapse — the app shut down in 2014.

The insecure Cultura Colectiva database in all its glory.

As far as UpGuard can tell, these databases collected all their data in accordance with Facebook’s platform rules. You’d expect the apps you use on Facebook to get some of your data, but they’re supposed to keep it secure. That’s one of Facebook’s rules, but it’s essentially impossible to enforce. Once someone has your data, they have it forever. That’s something we learned the hard way from the Cambridge Analytica scandal. That data was collected on Facebook without any workarounds or hacking, but then it was sold off.

Facebook has tightened data access on its platform in response to Cambridge Analytica. While the social network didn’t do anything to expose this data, it’s still part of the problem. Facebook facilitates the collection of all this data, and it can’t protect you once the data leaves Facebook’s platform.
