Millions of Facebook Records Found on Amazon Cloud Servers

Researchers at UpGuard, a cybersecurity firm, found troves of Facebook user information hiding in plain sight, inadvertently posted publicly on Amazon.com's cloud computing servers. From a report: The discovery shows that a year after the Cambridge Analytica scandal exposed how unsecure and widely disseminated Facebook users' information is online, companies that control that information at every step still haven't done enough to seal up private data, Bloomberg News reports. In one instance, Mexico City-based media company Cultura Colectiva openly stored 540 million records on Facebook users, including identification numbers, comments, reactions and account names. That database was closed on Wednesday after Bloomberg alerted Facebook to the problem and Facebook contacted Amazon. Facebook shares pared their gains after the Bloomberg News report. UpGuard adds: The data sets vary in when they were last updated, the data points present, and the number of unique individuals in each. What ties them together is that they both contain data about Facebook users, describing their interests, relationships, and interactions, that were available to third party developers. As Facebook faces scrutiny over its data stewardship practices, they have made efforts to reduce third party access. But as these exposures show, the data genie cannot be put back in the bottle. Data about Facebook users has been spread far beyond the bounds of what Facebook can control today. Combine that plenitude of personal data with storage technologies that are often misconfigured for public access, and the result is a long tail of data about Facebook users that continues to leak.

stealmyidentitynow.com should be the name

[WCMI92]

If truth was in domain names...

Dont' want it on front page of newspaper

Don't want my information on the front page of the newspaper and it's not posted on facebook or other social media.

Cut the cord one app at a time, no need to be engaged with so many time wasters. Don't need an app to keep in touch with friends and family, give them a call once in a while.

Re:Dont' want it on front page of newspaper

[Opportunist]

You have to know how to use Facebook. It's an advertising platform. Use it as such. Lie. Present yourself. Pretend that you rub shoulders with the greatest and best in your profession. Never say anything controversial. Have interests like volunteering for some bullshit social crap and, depending on whether you're aiming for companies in that area, the religious woo local to you.

So why would I mind if that information gets published? Free ad space, yay!

So, who's going to jail?

Nobody? See, that's why they keep doing it. Cheaters gonna cheat.

Not Using FB Won't Help

FaceBook is everywhere on the web, and they buy your data from other sources. You are in their database, like it or not.

And FB is not the only company playing loose with your data.

Until we have politicians who A - understand the problem, and B - aren't owned by Silicon Valley, things are going to get worse.

I for one never want another "free" year of credit monitoring after yet another company I've done business with or used to work for gives up my data.

Re:Not Using FB Won't Help

[Opportunist]

If you can't avoid being in their database, start controlling what's said in that database. Feed it with information that makes you look good.

No, it doesn't have to be true. I never said that.

So part of the issue here is S3 being retarded

And the other part is "professionals" being too retarded to spot how retarded S3 is.

Re:So part of the issue here is S3 being retarded

There isn't anything inherently wrong with S3. More like "professionals" not knowing how to secure their shit from the outside world.

Re:So part of the issue here is S3 being retarded

[FictionPimp]

S3 is secure by default (no access is allowed). You have to take steps to make it insecure. The sad part is most admins/devs don't understand or want to understand the security implications and just open it up.

Amazon needs better controls

We hear about security lapses in the cloud all the time. Amazon needs to dumb proof the security. I highly doubt these leaks are intentional so Amazon should come up with additional ways to let people know their data is exposed!

Re:Amazon needs better controls

[FictionPimp]

They do, it literally is built in to s3. Go to the console and you can see if a bucket is public or has public data. You can then use their compliance tools to go more in-depth. You can even outright ban public files/buckets. The problem is the idiots not amazon.

Here's what matters more.

Data about Facebook users has been spread far beyond the bounds of what Facebook can control today.

I don't care.

Facebook users know the deal and they don't give a fuck. That's fine.

What is WAY more important here is that data about NON-facebook users is also being spread far and wide, because Facebook harvests as much about as many people as it can. It scrapes address books, it scrapes web browsing history (yea yea, a tiny few people know how to avoid that, but most don't), it buys credit report info, it compiles dossiers on people who try their best to have nothing to do with it.

THAT is the problem.

What happens to Facebook users? Meh. Hard to give a shit about them, when they don't give a shit about themselves.

Surprised?

[DogDude]

I'd be surprised if anybody with an IQ above room temperature was surprised.

Re:Surprised?

[grep+-v+'.*'+*]

So do you mean an IQ of 24 C? Or 297 K?

FACEBOOK: Our DNA is data -- and boy, are we full of it!

Re:Surprised?

First one then the other.

Re:Surprised?

[Opportunist]

That joke works best with Fahrenheit.

Facebook

[tsa]

The gift that keeps on sharing.

Re:Facebook

[Opportunist]

Fun fact: "Gift" is the German word for poison.

So ... yeah...

scraped public info?

so is the information on the servers just public information people shared that these companies scraped, or is it information that they weren't supposed to have? looks like a major nothing burger so far

Welcome back to

[AHuxley]

PRISM.

Re:Welcome back to

[Opportunist]

Only this time you can be a part of it. Yay!

Block FB with hosts to limit data collection?

It might be a good idea to use hosts to block Facebook and limit their data collection and tracking. I know they use a variety of domains other than the primary facebook.com, so it might be good to have a tool that periodically updates the hosts file to block any new domains that Facebook is using. Any suggestions for tools that might do this on Windows, Linux, and MacOS?

Anyone download it?

I'd love me a torrent/dump link of this data. Come'on it's already public.

Definitely avoid APK's crapware

APK's software is complete shit. You should avoid it at all costs. Google for Steven Black's hosts file software, instead. It works much better, and Steven Black's software can actually run on MacOS. Steven Black's software can run on all of the operating systems you mentioned, it's open source, and just an all-around better solution than APK's shit.

No kidding ...

companies that control that information at every step still haven't done enough to seal up private data

News flash kiddies, these companies don't believe in 'private' data. They believe they are entitled to this, and that we should be expected to accept this.

I refuse to accept that.

I will block any social media company, ad company, tracker, and anybody I neither know nor adds value to a web-page. Nobody runs scripts, nobody sets cookies, nobody gets web bugs.

I know I'm not remotely anonymous on the web, but I'm as much of a digital ghost as I can be.

I don't have accounts, I don't have profiles, I don't have anything which causes me to be shown in google searches.

And my browsers block the ever-loving hell out of any third party crap -- you can't track what doesn't make HTTP requests to you.

Consequences

Seeing as there aren't really any consequences for this kind of thing, who cares? Nothing gonna change.