What is the issue - Researchers from UpGuard uncovered two misconfigured Amazon cloud servers belonging to third-party companies that contained over 540 million Facebook user records.
The first AWS server
Upon discovering the leaky server, UpGaurd contacted Cultura Colectiva twice but received no response. Later, they notified Amazon Web Services about the unprotected server and received a response that the owner of the server has been made aware. However, the server was not secured.
UpGuard then notified Bloomberg about the issue, who in turn contacted Facebook for comment. It was then the server was finally secured after almost 3 months.
The second AWS server
“The passwords are presumably for the “At the Pool” app rather than for the user’s Facebook account, but would put users at risk who have reused the same password across accounts,” researchers said.
The server belonging to ‘At the Pool' had been secured even before UpGaurd sent a formal notification email.
The bottom line
Despite Facebook having best of cyber-security experts and security-related features, date leaks related to Facebook occurs every other day. Even though data exposed by third-parties is beyond Facebook’s control, Facebook and the third-party app developers on Facebook should jointly take responsibility and work towards protecting users’ private data.