Researchers have found a huge collection of data on Facebook Inc. (NASDAQ: FB) users on Amazon’s (NASDAQ: AMZN) cloud computing servers. According to cybersecurity firm UpGuard, third-party Facebook app developers stored user data on Amazon’s servers in a way that exposed it to the public. The data was only taken offline recently. There has been no estimation as to how long the information was exposed.
Chris Vickery, the director of cyber risk research at UpGuard, said that the data appeared to have been gathered through a Facebook integration. Facebook lets third party developers integrate apps and websites with its platform to increase functionality and ease of use. A Facebook spokesperson said in a statement the company is continuing to assess the extent of the information that was available and how people might have been impacted.
According to the report from UpGuard, a Mexican company called Cultura Colectiva stored 146 gigabytes of data with Amazon cloud services. That data contained more than 540 million records that included Facebook users’ comments, likes, reactions and account names. UpGuard said that it alerted the company in early January and alerted Amazon by the end of January, but the database wasn’t secured until this week.
Another database was found that belonged to an app called At the Pool. That data contained plaintext user passwords for 22,000 users, presumably for the At the Pool app. However, that data in the wrong hands could be harmful for anyone who have reused the same password across accounts. The app looks like it was shut down in 2014, but it’s not clear how long the information was exposed.
Facebook has vowed to crack down on data access and to audit app developers that have ever had access to mass quantities of data. Facebook’s spokesperson said, “Facebook’s policies prohibit storing Facebook information in a public database. Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people’s data.”
