Millions of Facebook records were found on publicly accessible Amazon's cloud servers by researchers at UpGuard, a cybersecurity firm, reports Bloomberg. The data was uploaded by third-party companies that work with Facebook.
Mexico City-based media company Cultura Colectiva, for example, was storing 540 million records on Facebook users on Amazon's servers, offering up information that included identification numbers, comments, reactions, and account names.
A now-defunct app called At the Pool shared sensitive data like names and email addresses for 22,000 Facebook users.
Facebook did not leak this data, but it did provide the data to the third-party companies that went on to improperly store it with no oversight from Facebook. For years, Facebook provided extensive customer information to advertisers and partners, and while the company has since cracked down on the amount of data it shares, the previously obtained information is still widely available.
"The public doesn't realize yet that these high-level systems administrators and developers, the people that are custodians of this data, they are being either risky or lazy or cutting corners," said Chris Vickery, director of cyber risk research at UpGuard. "Not enough care is being put into the security side of big data."
Facebook's prior data sharing habits allowed any app on the site to obtain information from the people using the app and their friends in many cases, which led to the scandal that saw Cambridge Analytica illicitly using personal data acquired from Facebook to create targeted political advertisements in the 2016 election.
Facebook has since modified its privacy policies and has cut down on the access that apps have. Facebook has also suspended hundreds of apps and began audits to make sure data isn't being mishandled.
In response to the public Facebook data found by UpGuard, a Facebook spokesperson told Bloomberg that its policies prohibit the storing of Facebook information in a public database, though there is apparently little oversight from Facebook. Facebook did work with Amazon to take down the databases that were sharing data publicly after UpGuard's discovery.