The data of millions of Facebook users is being stored in plain sight on Amazon’s cloud servers, security researchers have found.
Highly sensitive data was posted for the public to see and download, ranging from passwords, email addresses, account names and identification numbers to comments and reactions.
The storage servers weren’t password protected, meaning anyone could view or download the data on them.
Researchers at cybersecurity firm UpGuard discovered the data exposure, according to Bloomberg.
It marks the latest in a series of privacy debacles at Facebook, many of which have erupted in the past few months.
Scroll down for video
Researchers at cybersecurity firm UpGuard discovered that massive amounts of user data were being stored on the internet giant’s servers, according to Bloomberg
WHAT DATA WAS LEFT OPEN TO THE PUBLIC?
Researchers from cybersecurity firm UpGuard discovered the data exposure.
One dataset stemmed from media firm Cultura Colectiva.
This data included comments, likes, reactions, account names, FB IDs and other information from more than 540 million users.
The second dataset, from now-defunct app At the Pool, was also stored on Amazon’s servers.
It included names, passwords, Facebook IDs and other details from 22,000 users.
None of the cloud servers were password protected.
UpGuard researchers said among the data exposed was a dataset from Mexico-based media company Cultura Colectiva.
That includes about 146gb of data and contains more than 540 million records of user information.
Facebook told Bloomberg it had closed the Cultura Colectiva database after it was informed of the data exposure.
Another dataset from now-defunct Facebook-integrated app ‘At the Pool’ was also stored on Amazon’s cloud servers.
Data in that collection included more sensitive information, including names, passwords, Facebook IDs and other details from 22,000 users.
So far, there haven’t been any reports of the data on the storage servers being misused.
Pictured is an example of some of the data left exposed by Facebook on Amazon’s cloud servers. Servers weren’t password protected, meaning anyone could view or download data
‘The UpGuard Cyber Risk team can now report that two more third-party developed Facebook app datasets have been found exposed to the public internet,’ UpGuard researchers wrote in a blog post.
‘This same type of collection, in similarly concentrated form, has been cause for concern in the recent past, given the potential uses of such data.’
Mail Online has reached out to Facebook for comment.
Earlier on Wednesday, it was revealed that Facebook had been requesting users’ share their email password in order to login to the service.
The practice raised eyebrows among security experts who said it was akin to a phishing attack.
Facebook later said it would quit asking for users’ email passwords as a form of verification.
The firm has been working to earn back users’ trust since the Cambridge Analytica scandal erupted last March.
Last year, it was revealed that some 87 million users’ data had been harvested and shared with Trump-affiliated campaign research firm Cambridge Analytica.