For several years, Facebook had allowed app developers access to information on anyone using their app, as well as access to data on users’ friends. Researchers at cybersecurity firm UpGuard reported Wednesday that they had found an outrageous amount of user information hiding in plain sight, unintentionally posted on Amazon’s S3 public servers. These records were accessible and downloadable for anyone who could find them online.
What Was Exposed?
The data reportedly contains over 146 GB of data, amounting to over 540 million Facebook user records, including Facebook user IDs, account names, comments, likes, reactions, check ins etc. The database was closed on Wednesday after Bloomberg notified Facebook about the problem and Facebook contacted Amazon.
“In general, we work with developers to make sure that they’re respecting people’s information and using it in only ways that they want.”Mark Zuckerberg – CEO, Facebook
This is not the first data leak in 2019 for Facebook, by any means, in fact, only last month Facebook was alerted about a bug that exposed conversations to hackers; and not 2 weeks ago, Krebs on Security reports detailed Facebook passwords being stored in plaintext, without encryption, on an internal platform, available for any Facebook employee to view at their leisure.
Just about marking the 1-year anniversary since Cambridge Analytica exposed how unsecure and widely dispersed Facebook user’s information is online, Zuckerberg holds that he is proud of the progress Facebook has made to restrict privacy breaches and combat the spread of misinformation.
Another Week, Another Facebook Leak
There is unfortunately no telling who exactly has had access to this data set, and for how long it was exposed to the general public, so it is still considered a high security risk. These findings will continue to highlight problems that will continue to plague large organizations that depend on mass data collection and storage.
At the end of the day, storing information that is collected from end users is a liability. That being said, the more you have, the greater that liability becomes, and Facebook has a lot.
By now, the onslaught of data breach news has led to what many are referring to as “data breach fatigue.” The seemingly constant string of data breaches has some referring thing the film “Groundhog Day”, starring Bill Murray. Due to some unexplained movie constructs, Murray ends up caught up in a time loop leaving him to relive the same day, over and over.
In the world of cybersecurity, things do not appear to be much different. There is a new data breach reported every day, and at this point, people begin shrugging their shoulders, assuming a “what-else-is-new” mentality, which although understandable, becomes problematic for organizations and consumers alike.
- Facebook: Data, Dollars, Tokens and Trust
- Facebook: Passwords Stored in Plaintext
- What is the Purpose of a Penetration Test?
- Who’s Testing Your Web Applications?
One obvious consequence of the constant onslaught of data breaches is “data breach fatigue”, which holds the idea that consumers have become desensitized and indifferent to the effects of data breaches and, expectedly, less and less motivated to do anything to protect themselves. On the business side, one might argue that it is this phenomenon that leads business leaders into a situation where they may fail to plan for new technologies, new strategies and new threats.
Unfortunately, this mentality is of no use and has no place in the world of large organizations. After all, these breaches are costing everyone money, and lots of it.