According to a report on Wednesday by UpGuard, a cybersecurity firm, two databases containing user data from Facebook were found on Amazon.com web servers accessible to the public on the internet. Information leaked included user ID’s, photos, Facebook friend and group lists, and interests.
One of the databases is owned by the Mexican company Cultura Colectiva, which specializes in digital media, while the other is owned by a separate Facebook-integrated app, At the Pool. In these two instances, the records were publicly available because the “Amazon S3 Buckets” on which the data were stored were misconfigured to allow public access instead of only private access. The original report was not entirely clear about this point, and Wikinews confirmed with UpGuard that the two incidents involved two separate Amazon S3 buckets.
UpGuard reportedly sent an email to Cultura Colectiva on January 10, and again on January 14, but received no response. On January 28, UpGuard reportedly emailed Amazon Web Services informing them of the situation, to which on February 1 Amazon Web Services acknowledged the bucket’s owner had been informed. After the database had still not been secured, UpGuard reportedly emailed Amazon Web Services again on February 21, with Amazon Web services responding that they would investigate what else could be done about it. Reportedly, the Amazon S3 Buckets were only secured after Bloomberg contacted Facebook.
The Guardian drew comparisons between this case and the Cambridge Analytica scandal, in which over 50 million Facebook profiles were harvested for data without users’ knowledge or consent.