Millions of Facebook records exposed on public servers - report

2019-04-05 08:42
Facebook has struggled with protecting user data. (Duncan Alfreds, News24, file)

Facebook has struggled with protecting user data. (Duncan Alfreds, News24, file)

Multimedia   ·   User Galleries   ·   News in Pictures Send us your pictures  ·  Send us your stories

Facebook appears to have dropped the ball on privacy controls again after hundreds of millions of user records were exposed on public servers.

According to a report in the Guardian, cyber security researchers discovered 540 million Facebook records on public Amazon cloud servers.

"One, originating from the Mexico-based media company Cultura Colectiva, weighs in at 146 gigabytes and contains over 540 million records detailing comments, likes, reactions, account names, FB IDs and more," said UpGuard which reported the breach.

"This same type of collection, in similarly concentrated form, has been cause for concern in the recent past, given the potential uses of such data."

The company added that passwords for 22 000 users were stored in plain text, making them easy to read before the breach was plugged.

Facebook user data breaches

Facebook has come under pressure of its handling of user information.

In 2018, the massive social network was involved in a scandal after it emerged that political consultancy Cambridge Analytica was able to access millions of users.

Fin24 reported on March 22 that user passwords for Facebook Lite were easily visible to employees.

Business Insider SA reported on Wednesday that for Facebook users with Yandex and GMX email accounts were being asked to typed their password directly into Facebook.

"Data about Facebook users has been spread far beyond the bounds of what Facebook can control today. Combine that plenitude of personal data with storage technologies that are often misconfigured for public access, and the result is a long tail of data about Facebook users that continues to leak," UpGuard.

The company singled out Amazon Web Services' (AWS) S3 cloud storage as responsible for facilitating the breach.

"Over four years, UpGuard has detected thousands of S3-related data breaches caused by the incorrect configuration of S3 security settings. Jeff Barr, Chief Evangelist for Amazon Web Services recently announced public access settings for S3 buckets, a new feature designed to help AWS customers stop the epidemic of data breaches caused by incorrect S3 security settings," UpGuard said.

The company argued that AWS makes it too easy for users to misconfigure its buckets and urged the giant to make data buckets private by default.

Changes

AWS announced a public flag for open buckets in 2017 and launched a machine learning service, Amazon Macie, to automatically protect data.

But while UpGuard applauded these changes, it argued that they may not enough - mainly because users continue to have the ability to set data buckets to public.

"Amazon's new S3 security features will likely have the same effect as their previous efforts: They will secure more buckets, but not all. For example, after the launch of the 'public' flag for open buckets and the email campaign to owners of those buckets in November 2017, we saw many buckets disappear. But we also saw many more buckets with sensitive information persist, and new ones created since then with sensitive, publicly accessible data."

KEEP UPDATED on the latest news by subscribing to our FREE newsletter.

- FOLLOW News24 on Twitter

Read more on:    facebook  |  social networks  |  cyber security
NEXT ON NEWS24X

Join the conversation!

24.com encourages commentary submitted via MyNews24. Contributions of 200 words or more will be considered for publication.

We reserve editorial discretion to decide what will be published.
Read our comments policy for guidelines on contributions.

Inside News24

 
Traffic Alerts
There are new stories on the homepage. Click here to see them.
 
English
Afrikaans
isiZulu

Hello 

Create Profile

Creating your profile will enable you to submit photos and stories to get published on News24.


Please provide a username for your profile page:

This username must be unique, cannot be edited and will be used in the URL to your profile page across the entire 24.com network.

Settings

Location Settings

News24 allows you to edit the display of certain components based on a location. If you wish to personalise the page based on your preferences, please select a location for each component and click "Submit" in order for the changes to take affect.




Facebook Sign-In

Hi News addict,

Join the News24 Community to be involved in breaking the news.

Log in with Facebook to comment and personalise news, weather and listings.