Facebook User Info Exposed in Misconfigured Public Cloud Storage
Once again, Facebook users are being warned about a data leak that could potentially expose them to risk, as over 540 million data records from the social network were found publicly exposed in the cloud. The impact of the data disclosure is nonetheless being disputed by one of the vendors that has been implicated in the data leak.
The disclosure was made on April 3 by security firm UpGuard Cyber Risk, which has a history of finding and disclosing data found in unsecured public cloud storage repositories. In the new Facebook disclosure, UpGuard found two separate cloud storage data buckets, from different third-party vendors that work with Facebook.
“One, originating from the Mexico-based media company Cultura Colectiva, weighs in at 146 gigabytes and contains over 540 million records detailing comments, likes, reactions, account names, FB IDs and more,” UpGuard wrote in its advisory. “A separate backup from a Facebook-integrated app titled “At the Pool” was also found exposed to the public internet via an Amazon S3 bucket.”
The data from the “At the Pool” app is potentially more sensitive for Facebook users, as it also included over 22,000 plaintext passwords. According to UpGuard’s analysis, the passwords were for the “At the Pool” app and not the users’ Facebook accounts.
In a statement sent to media outlets, Cultura Colectiva argued that the data that was exposed was already publicly available.
“All the publicly available data provided to us by Facebook, gathered from the fanpages we manage as publisher, is public, not sensitive, and available to all users who have access to Facebook,” Cultura Colectiva said. “However, neither sensitive nor private data like emails or passwords were amongst those because we do not have access to that kind of data, so we did not put our users’ privacy and security at risk.”
For its part, UpGuard argued that Cultura Colectiva is still at fault for the way it handled user information.
“It’s one thing for an FB user to be excited enough to follow a fan page, knowing they’re sharing that excitement with their friends,” UpGuard wrote in a Twitter message. “It’s quite another thing for millions of those records to be aggregated, stored and left exposed on the Internet in a gigantic database.”
How The Data Was Discovered
UpGuard is no stranger to finding information that has been left open in the public cloud. Among the disclosures that UpGuard has made about data found in cloud storage buckets are leaks involving Accenture, Verizon, the Department of Defense, and a massive leak that involved 123 million American households from data analytics firm Alteryx. In each case, the root cause was functionally the same: the organization in question, or one of its partners, inadvertently left an Amazon S3 storage bucket in a misconfigured state that enabled public access. With the new Facebook disclosure, the root cause is exactly the same.
With an Amazon S3 storage bucket, there are a number of configuration settings to allow or restrict different types of access….
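As an added illustration (not part of the original article or of UpGuard's tooling), the Python sketch below audits one bucket's settings for the kind of public access described above. It assumes its inputs have the shapes returned by S3's GetBucketAcl, GetBucketPolicy and GetPublicAccessBlock calls; the bucket name and sample data are constructed.

```python
import json

# Group URIs S3 uses in ACLs for "everyone" and "any AWS account holder".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def public_acl_grants(acl):
    """Permissions an ACL (GetBucketAcl shape) grants to public groups."""
    return sorted({g["Permission"] for g in acl.get("Grants", [])
                   if g.get("Grantee", {}).get("URI") in PUBLIC_GROUPS})

def public_policy_actions(policy_json):
    """Actions allowed to a wildcard principal with no Condition.
    Simplification: statements that carry a Condition are not evaluated."""
    stmts = json.loads(policy_json or "{}").get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    actions = set()
    for s in stmts:
        principal = s.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        wildcard = aws == "*" or (isinstance(aws, list) and "*" in aws)
        if s.get("Effect") == "Allow" and wildcard and not s.get("Condition"):
            act = s.get("Action", [])
            actions.update([act] if isinstance(act, str) else act)
    return sorted(actions)

def audit_bucket(acl, policy_json=None, block=None):
    """Findings for one bucket; block is a PublicAccessBlockConfiguration dict."""
    block = block or {}
    findings = []
    grants = public_acl_grants(acl)
    if grants and not block.get("IgnorePublicAcls"):      # public ACLs still honoured
        findings.append(("acl", grants))
    actions = public_policy_actions(policy_json)
    if actions and not block.get("RestrictPublicBuckets"):  # public policy still honoured
        findings.append(("policy", actions))
    return findings

# Constructed sample: a backup bucket readable by anyone through ACL and policy.
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
]}
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-backup-bucket/*"}]})
LOCKED = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
          "BlockPublicPolicy": True, "RestrictPublicBuckets": True}
```

Calling `audit_bucket(SAMPLE_ACL, SAMPLE_POLICY)` reports both exposure paths, while passing `LOCKED` as the third argument returns no findings because the public access block overrides the public ACL and policy.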