Facebook has again exposed its users’ data, according to security researchers which say they found 540 million users’ details including passwords available on public storage servers.
Facebook is yet to respond to the claims.
Security firm UpGuard claims two third-party developed Facebook apps collected and posted the information on publicly accessible servers.
The breach is regarded as the most significant for Facebook since the Cambridge Analytica scandal.
The first app, from Mexico-based media company Cultura Colectiva, exposed 146GB of user data including comments, likes, reactions, account names and Facebook IDs.
The second is a Facebook-integrated app named “At The Pool” exposed less data but included plaintext password for 22,000 users via an Amazon S3 bucket, according to UpGuard.
Developers of “At The Pool” ceased operation in 2014 with its parent company website returning a 404 error notice, according to the security firm.
In the post, UpGuard said the social media giant’s efforts to reign in developer access to user data have been unsuccessful.
“As Facebook faces scrutiny over its data stewardship practices, they have made efforts to reduce third party access. But as these exposures show, the data genie cannot be put back in the bottle.
“Data about Facebook users has been spread far beyond the bounds of what Facebook can control today. Combine that plenitude of personal data with storage technologies that are often misconfigured for public access, and the result is a long tail of data about Facebook users that continues to leak.”
Renaud Deraison, co-founder and CTO of cybersecurity company Tenable said, “Facebook is giving third-party app developers access to user data. That means the company’s massive trove of data is in the hands of potentially thousands of third parties all over the world.
“App developers are focused mainly on bringing new offerings to market quickly — it’s what consumers have come to expect.
“It looks like Facebook doesn’t have enforced guidelines when it comes to how its partners handle cybersecurity.
“As long as cybersecurity remains an afterthought in the digital economy, we’ll continue to see these kinds of easily preventable data leaks.”
The social media giant has been under increasing scrutiny following a number of data and ethical issues, including breaching data and privacy laws, storing passwords improperly and failing to control its platform during the Christchurch terror attack.
Only a few days ago, Facebook CEO Mark Zuckerberg outlined four ways law makers need to regulate the internet.