Facebook truly cannot keep all its data in one basket.
User data including account names, passwords, and email addresses have been stored for years on publicly accessible Amazon cloud computing servers, researchers at cybersecurity firm UpGuard have discovered. The data was compiled several years ago, when Facebook used to more freely share it with third-party apps, but is still sitting unguarded, Upguard tells Bloomberg.
After sifting through the public internet, Upguard researchers said they found over 540 million records containing Facebook users' comments, likes, reactions, and more. All that data was found in a database belonging to the Mexico-based media company Cultura Colectiva. Another 22,000 people's Facebook names, passwords, and email addresses were found available on a database for an app called At the Pool, which shut down in 2014. At The Pool's database disappeared while Upguard was researching, the firm said.
Thousands of apps and websites let users log in with their Facebook credentials, and often ask to access users' Facebook interactions as a condition for doing so. That practice was widely realized during last year's Cambridge Analytica scandal, which revealed how private Facebook user data had been used for political ad targeting. Facebook has since said it has banned third-party apps from scraping private user information.
Upguard says they notified Cultura Captiva about the issue twice but received no response. A Facebook spokesperson told CNN Business that "Facebook's policies prohibit storing Facebook information in a public database," and that it has "worked with Amazon to take down the databases."