【Arnold Reyes Archives】

Source：Co-creation Information Network Editor：Science Time：2025-06-26 22:09:24

Another day,Arnold Reyes Archives another Facebook privacy scandal.

Hundreds of millions of Facebook user records — including some plain text passwords — were found exposed online free and open for the taking. So reports UpGuard, a cybersecurity risk assessment company, which notes in an April 3 press release that the two data sets in question were configured for public download. Yes, that means that anyone who knew where to look could have pulled them.

SEE ALSO: Facebook backs away from asking for some users' email passwords

At the heart of the matter are two third-party app datasets stored on Amazon S3 buckets containing reams of Facebook users' info. One such set, from Cultura Colectiva, reportedly had "540 million records detailing comments, likes, reactions, account names, FB IDs and more."

According to UpGuard, the second dataset, from a third-party Facebook app titled At the Pool, "contained columns for fk_user_id, fb_user, fb_friends, fb_likes, fb_music, fb_movies, fb_books, fb_photos, fb_events, fb_groups, fb+checkins, fb_interests, password, and more."

In other words, presumably a list of users' friends, likes, groups, and check-in locations — an incredibly revealing amount of data.

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

While stating that the passwords in the latter data set were "presumably for the 'At the Pool' app rather than for the user’s Facebook account," the UpGuard press release goes on to add that it still "contains plaintext (i.e. unprotected) Facebook passwords for 22,000 users."

You don't reuse passwords across sites, do you?

Notably, this data is no longer in Facebook's control. By allowing third-party apps to scrape Facebook users' information (remember Cambridge Analytica?) the company essentially loses control of it. UpGuard said it notified Cultura Colectiva about the exposed data, starting with an email on Jan. 10 of this year, but has received no response from the company.

UpGuard writes that it was only when Bloomberg reached out to Facebook on April 3 that the data was finally secured. The At The Pool data set, on the other hand, was miraculously pulled offline shortly after UpGuard discovered it. What nice timing.

We reached out to Facebook to determine if At The Pool did in fact have access to, and then expose, the Facebook passwords of 22,000 users. We also asked the company how it intends to prevent this kind of third-party app privacy failure in the future.

A Facebook spokesperson provided the following statement in response:

Facebook's policies prohibit storing Facebook information in a public database. Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people's data.

In other words, yeah, it's as bad as it sounds.

Featured Video For You

Delete Facebook says WhatsApp co-founder

Topics Cybersecurity Facebook Privacy Social Media

Previous：Google's new AI model is being used to remove image watermarks

Next：Razer Kishi V2 deal: Snag one for 50% off

【Arnold Reyes Archives】

Related Articles

Related Recommendations

Categories

Latest Articles

Popular Articles

Hot Recommendations

Featured Column

Quick Links

Quick Links