5.4 billion Facebook user records leaked
5.4 billion Facebook user records, passwords, comments, etc. leaked The biggest story that happened on the last day is undoubtedly another Facebook vulnerability. This time, sensitive data like passwords is part of the vulnerability, as well as Facebook IDs, comments, responses, account names, and more.
This leak is achieved by third-party application developers roughly processing user data and storing it on an insecure Amazon S3 server. Specifically, two services were found to be responsible for this data breach: a Mexican media company called Cultura Colectiva and a Facebook integrated application called At the Pool.
The former is the cause of most of the losses, with 146 GB of data in nearly 540 million Facebook records. In contrast, in the Pool, only about 22,000 passwords are responsible, even though they are application-specific. As the research company responsible for the results of these investigations, UpGuard pointed out that At the Pool is only a problem for users who reuse passwords at various sites.
The good news here is that the buckets have been removed from the Amazon server; however, the problem is that it’s unclear how much exposure they got before being pulled. In a statement to Gizmodo, Facebook stated that it violated the policy of storing information on a public database, and once it knew the problem, it worked with Amazon to extract the data. The following is a complete statement of the person of interest:
Facebook’s policy prohibits the storage of Facebook information in public databases. Once we get a warning, we will work with Amazon to take down the database. We are committed to working with developers on our platform to protect people’s data.
However, the biggest problem facing Facebook users is that data is first leaked. Once this happens, it won’t disappear – if your data is part of this particular vulnerability, it’s now there. Facebook can’t control it. As UpGuard pointed out so accurately, “the data sprite can’t be put back in the bottle.”
The benefit is that if you have never used any kind of service, then you are safe. However, if you have it, then it may cause concern.