Software developers stored more than 540 million records containing private data of Facebook users in a way that allowed public download, according to CNN.
The number of users whose data was compromised is not yet clear, according to the CNN story based on a report from cybersecurity firm UpGuard. The records included comments, likes, reactions, account names, and other data from the site that’s a popular marketing tool for real estate agents and mortgage brokers.
Two third-party Facebook app developers stored the user data on Amazon’s cloud computing servers without proper security, which included Facebook passwords for 22,000 users.
In a statement provided to CNN, a Facebook spokesperson said, “Facebook’s policies prohibit storing Facebook information in a public database. Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people’s data.”
Facebook allows third-party software developers to integrate apps and websites with its platform to enable users to sign into a service using their Facebook credentials. It also has entered “data sharing” agreements with other companies, such as Amazon and Netflix.
Chris Vickery, director of cyber risk research at UpGuard, told CNN that the breach “highlights a problem that is intrinsic with mass data collection.”
Facebook has “no way of guaranteeing the safe storage of the data of their end users if they are going to allow app developers to harvest it in mass,” Vickery said.
In September, Facebook announced that 50 million accounts were affected in a cyberattack that comprised login information. The social media giant said then that hackers exploited a vulnerability in Facebook’s code that allowed them to steal Facebook access tokens – the things that let its users stay logged on indefinitely.
A year ago, the world’s largest social media company faced a public outcry after it was revealed that Cambridge Analytica, a political consulting firm with ties to the presidential campaign of Donald Trump, had accessed information from as many as 87 million Facebook users without their knowledge. That led to worldwide government probes of Facebook and threats of regulation.