540 Million Facebook Profiles Exposed by 2 Insecure Databases

It can be hard to keep all the Facebook security and privacy breaches straight — there was just one earlier today, in fact. There’s already another leak of personal Facebook data, but this one didn’t come directly from Facebook. Researchers from cybersecurity firm UpGuard report that two unsecured databases exposed the data from more than 540 million Facebook users.

According to UpGuard, the larger of the two databases belongs to a Mexican media company called Cultura Colectiva. It contains 146GB of user data including comments, likes, reactions, names, Facebook user IDs, and more. The other database comes from a now-defunct Facebook app called “At the Pool.” This one had 22,000 passwords associated with user accounts stored in plain text. These were the passwords to At the Pool rather than Facebook, but it’s likely many of those users chose the same password they used on Facebook.

Both databases were in wide-open Amazon S3 buckets that virtually anyone could access. UpGuard may not have been the first to find them for all we know. UpGuard notified Cultura Colectiva several times, but it failed to even acknowledge messages from UpGuard itself and Amazon. The data from those 540 million accounts remained available from early this year until just a few days ago when Facebook intervened with Amazon and had the database secured. Meanwhile, the At the Pool database went offline while UpGuard was still investigating, possibly because of a hosting lapse — the app shut down in 2014.

The insecure Cultura Colectiva database in all its glory.

As far as UpGuard can tell, these databases collected all their data in accordance with Facebook’s platform rules. You’d expect the apps you use on Facebook to get some of your data, but they’re supposed to keep it secure. That’s one of Facebook’s rules, but it’s essentially impossible to enforce. Once someone has your data, they have it forever. That’s something we learned the hard way from the Cambridge Analytica scandal. That data was collected on Facebook without any workarounds or hacking, but then it was sold off.

Facebook has tightened data access on its platform in response to Cambridge Analytica. While the social network didn’t do anything to expose this data, it’s still part of the problem. Facebook facilitates the collection of all this data, and it can’t protect you once the data leaves Facebook’s platform.
