Two third-party Facebook apps expose user data to public
Two third-party developed Facebook apps have exposed datasets to the internet. The datasets were found to have stored the data with the use of Amazon’s S3 servers.
Amazon S3 is a storage service by the company Amazon that can store and protect any amount of data. UpGuard, a cybersecurity company, reported that an app by Mexico-based company Cultura Colectiva exposed about 146GB of data that included 540 million records such as comments, likes, reactions, accounts names, and more. Another Facebook integrated app named “At The Pool” was also found to have leaked data via an Amazon S3 bucket, containing user IDs, friends, likes, photos, events, and unprotected passwords of about 22,000 users. The passwords seem to be for the “At The Pool” app but it could potentially put users at risk if they have used the same password across their other online accounts.
The data stores in the Amazon servers were exposed in such a way that the public can access and download them. Facebook was only made aware of the data breach and secured the Amazon S3 bucket when media outlet Bloomberg contacted them for a response.