Wednesday, 21 Augst 2019 | 11:52 WIB

Data of Millions of Facebook Users Leaked to Public

Data of Millions of Facebook Users Leaked to Public (special)

JAKARTA, NETRALNEWS.COM -- The cyber security team from Upguard Cyber ​​Risk have found that data from two-thirds of the third party applications that Facebook developed have been exposed to the public.

According to the page, one of the leaks came from a Mexican company, Cultura Colectiva, measuring 146GB containing more than 540 million data containing comments, likes, reactions, account names and Facebook accounts.

A backup file from an application called "At The Pool" was also found exposed to the Internet through Amazon S3. The database contains backup columns for keywords, friendships and user IDs. The intended password is estimated for the application "At The Pool", not a Facebook account, but the user has the risk if the keyword used is the same.

As reported from Antara, the data found at At The Pool is not as large as the data set in Cultura Colectiva, however, it contains keywords in the plaintext format of 22,000 users. Upguard's findings, At The Pool, have stopped operating since 2014 and their parent company site has been inactive.

These data sets are stored in the Amazon S3 bucket that is configured to be publicly available. According to Upguard, the data changes due to updates. In common, these data contain information about Facebook users, likes, relationships and interactions and are open to third party developers.

The Upguard team has sent notification emails to Cultura Colectiva on January 10 and January 14, but there was no response. They also sent a letter to the Amazon Web Service because the data was stored on Amazon S3.

Still according to Antara, in early February, Amazon Web Services replied to the letter, stating it had told the owner of the bucket.

Upguard again sent a notification to Amazon Web Services on February 21 because it saw the data had not been secured, and AWS replied that day they said they would look for ways to resolve the problem.

On April 3, after Facebook was contacted by Bloomberg, the data on the S3 AWS bucket was finally secured.

Meanwhile, data from At The Pool was offline when the Upguard tried to trace the data in question.