Facebook removes exposed user records stored on Amazon's servers

Apr 06, 2019, 00:43
Facebook removes exposed user records stored on Amazon's servers

Upguard said the Cultura Colectiva MongoDB database contained Facebook users' comments, likes, reactions, account names and other details, and appears to have been collected between 2017 and 2018.

According to a report by security firm UpGuard, more than 500 million Facebook users had their personal data exposed on the public servers of Amazon by app developers.

"For app developers on Facebook, part of the platform's appeal is access to some slice of the data generated by and about Facebook users", Vickery noted.

Suspect In Nipsey Hussle Killing Pleads Not Guilty
Authorities say Holder and Hussle, who knew each other, has several conversations Sunday outside Hussle's The Marathon store. Darden asked Los Angeles Superior Court Judge Teresa Sullivan to ban cameras from the courtroom, a request she denied.

It kept, in plaintext, passwords for 22,000 users. The last one included millions of passwords of its users in plain text, but things just got worse.

Upguard also found a smaller data set in a separate AWS S3 instance which it says was a back up from the "At the Pool" app.

But this week UpGuard's Cyber Risk team revealed in a blog posting that it had found public databases on Facebook users.

Ethiopian 737 MAX: the MCAS was activated before the crash
Boeing also said existing 737 pilots will receive additional computer-based training on the model's anti-stall system. After the software update is approved, it would take about a day to deploy and an hour to upgrade each aircraft.

Whether these third parties actually comply is a contractual matter with Facebook and the user's whose data is compromised have no say in the matter.

About a year ago, Facebook Chief Executive Officer Mark Zuckerberg was preparing to testify to Congress about a particularly egregious example: A developer who handed over data on tens of millions of people to Cambridge Analytica, the political consulting firm that helped Donald Trump on his presidential campaign. The problem is that those servers are publicly accessible, which meant the previously private information was suddenly quite public. The data originated from third-party sources, namely a media company called Cultura Colectiva and an app titled "At the Pool". While it may be able to prevent or limit new leaks like this from happening in the future, the "At the Pool" app shut down in 2014, and yet the data was floating around online for years.

Bloomberg notified Facebook about the presence of this dataset and the company immediately removed it from Amazon's servers.

India Claims Successful Anti-Satellite Weapon Test
The following year, the United States used a ship-launched SM-3 missile to destroy a defunct spy satellite in Operation Burnt Frost.

Brian Vecci, a top executive at the security firm Varonis recommends that consumers check which apps are now collecting data from their accounts and revoke access for those that don't need it. While there was no reply from Cultura Colectiva, Amazon Web Services had responded that the data storage bucket owner was made aware of the exposure and Amazon was looking into further potential ways to handle the situation. The buckets have since been secured or taken offline. Once the data is out of Facebook's hands, the developers can do whatever they want with it. It remains to be seen whether or not each company abused the data they scalped, but the way in which it was stored is already in breach of Facebook's current policies.