Citing the findings of a research by security firm UpGuard, a report by Business Insider notes that sensitive personal data of 540 million Facebook users was left exposed on public servers by app developers. The data was found sitting without any password protection on public Amazon servers it had been uploaded to.
According to the researchers, the majority of exposed user data, which included sensitive information like users’ friends, likes, music, photos, events, interests, and check-ins, was uploaded publicly by a Mexican media company named Cultura Cultiva.
Although Facebook has tightened up the user data accessible to app developers since the Cambridge Analytica scandal, at least some damage has already been done:
“As Facebook faces scrutiny over its data stewardship practices, they have made efforts to reduce third party access. But as these exposures show, the data genie cannot be put back in the bottle,” UpGuard wrote in a blog post about its findings on Wednesday.
“Data about Facebook users has been spread far beyond the bounds of what Facebook can control today. Combine that plenitude of personal data with storage technologies that are often mis-configured for public access, and the result is a long tail of data about Facebook users that continues to leak,” it writes.
Meanwhile, Facebook spokesperson Katy Dormer has said in a statement that the company’s policies prohibit storing Facebook information in a public database. “Once alerted to the issue, we worked with Amazon to take down the databases”.