Jump to content
Search In
  • More options...
Find results that contain...
Find results in...

Windows Server Netlogon Exploit Code Publicly Exposed

Windows Server Netlogon Exploit Code Publicly Exposed
Read more...

Evilnum hackers targeting financial firms with a new Python-based RAT

Evilnum hackers targeting financial firms with a new Python-based RAT
Read more...

Try challenges


Register & Join The Game

Break It

Welcome to Exploit Zone


Become a ninja in the shadow !

News
  • Welcome To Exploit Zone
  • The kingdom of knowledge sharing in hacking
  • New Updates ! Stay Tunned !
  • Share your knowledge here !
  • unlash your power on our challenges !
  • Become a ninja in the Shadow !
Sign in to follow this  

540 Million Facebook User Records Found On Unprotected Amazon Servers

Sign in to follow this  
AdminSec

259 views

It's been a bad week for Facebook users.

First, the social media company was caught asking some of its new users to share passwords for their registered email accounts and now…

...the bad week gets worse with a new privacy breach.

More than half a billion records of millions of Facebook users have been found exposed on unprotected Amazon cloud servers.

The exposed datasets do not directly come from Facebook; instead, they were collected and unsecurely stored online by third-party Facebook app developers.

Researchers at the cybersecurity firm UpGuard today revealed that they discovered two datasets—one from a Mexican media company called Cultura Colectiva and another from a Facebook-integrated app called "At the pool"—both left publicly accessible on the Internet.

facebook app database

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

More than 146 GB of data collected by Cultura Colectiva contains over 540 million Facebook user records, including comments, likes, reactions, account names, Facebook user IDs, and more.

The second dataset belonging to "At the Pool" app contains information about users' friends, likes, groups, and checked-in locations, as well as "names, plaintext passwords and email addresses for 22,000 people."

Though UpGuard believes the plaintext passwords found in the database were for the At the Pool app, and not for users' Facebook accounts, given the fact that people frequently re-use the same passwords for multiple apps, many of the leaked passwords could be used to access Facebook accounts.

    "As Facebook faces scrutiny over its data stewardship practices, they have made efforts to reduce third-party access. But as these exposures show, the data genie cannot be put back in the bottle. Data about Facebook users have been spread far beyond the bounds of what Facebook can control today," experts at UpGuard said.


Both datasets were stored in unsecured Amazon S3 buckets, which have now been secured and taken offline after Upguard, Facebook and media contacted Amazon.

This is not the first time third-party companies have collected or misused Facebook data and sometimes leaked it to the public.

The most famous incident is the Cambridge Analytica scandal wherein the political data firm improperly gathered and misused data on 87 million users through a seemingly innocuous quiz app, for which the social media giant is facing £500,000 EU fine.

Sign in to follow this  


0 Comments


Recommended Comments

There are no comments to display.

Guest
Add a comment...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...