Millions of Facebook records exposed on public servers - report

Facebook has struggled with protecting user data. (Duncan Alfreds, News24, file)

Facebook appears to have dropped the ball on privacy controls again after hundreds of millions of user records were exposed on public servers.

According to a report in the Guardian, cyber security researchers discovered 540 million Facebook records on public Amazon cloud servers.

"One, originating from the Mexico-based media company Cultura Colectiva, weighs in at 146 gigabytes and contains over 540 million records detailing comments, likes, reactions, account names, FB IDs and more," said UpGuard, which reported the breach.

"This same type of collection, in similarly concentrated form, has been cause for concern in the recent past, given the potential uses of such data."

The company added that passwords for 22 000 users were stored in plain text, making them easy to read before the breach was plugged.

Facebook user data breaches

Facebook has come under pressure over its handling of user information.

In 2018, the massive social network was involved in a scandal after it emerged that political consultancy Cambridge Analytica was able to access millions of users.

Fin24 reported on March 22 that user passwords for Facebook Lite were easily visible to employees.

Business Insider SA reported on Wednesday that Facebook users with Yandex and GMX email accounts were being asked to type their password directly into Facebook.

"Data about Facebook users has been spread far beyond the bounds of what Facebook can control today. Combine that plenitude of personal data with storage technologies that are often misconfigured for public access, and the result is a long tail of data about Facebook users that continues to leak," UpGuard said.

The company singled out Amazon Web Services' (AWS) S3 cloud storage as responsible for facilitating the breach.

"Over four years, UpGuard has detected thousands of S3-related data breaches caused by the incorrect configuration of S3 security settings. Jeff Barr, Chief Evangelist for Amazon Web Services recently announced public access settings for S3 buckets, a new feature designed to help AWS customers stop the epidemic of data breaches caused by incorrect S3 security settings," UpGuard said.

The company argued that AWS makes it too easy for users to misconfigure its buckets and urged the giant to make data buckets private by default.


AWS announced a public flag for open buckets in 2017 and launched a machine learning service, Amazon Macie, to automatically protect data.

But while UpGuard applauded these changes, it argued that they may not be enough - mainly because users continue to have the ability to set data buckets to public.

"Amazon's new S3 security features will likely have the same effect as their previous efforts: They will secure more buckets, but not all. For example, after the launch of the 'public' flag for open buckets and the email campaign to owners of those buckets in November 2017, we saw many buckets disappear. But we also saw many more buckets with sensitive information persist, and new ones created since then with sensitive, publicly accessible data."
