Skip to main content

Facebook app data exposed by third-party developers

(Image credit: Image Credit: Anthony Spadafora)

Security researchers have found two more Facebook databases just sitting idly on the open internet, available for anyone who knows where to look. The UpGuard Cyber Risk security organisation has found one database belonging to a Mexico-based media company Cultura Colectiva, and one belonging to the now defunct app At The Pool.

This is just another in a string of events in which third parties have exposed Facebook's data, something the social media giant is trying to address for some time now.

The Cultura Colectiva database contains more than 540 million records. Researchers have found comments, likes, reactions, account names, FB IDs and more. In total, the database weighs 146GB.

The second database, belonging to the defunct app At The Pool isn't as large, but its destructive potential cannot be neglected.

It kept, in plaintext, passwords for 22,000 users. The passwords seem to be for the app itself and not for Facebook, but that doesn't mean everyone's in the clear just yet. Even though the app is dead, users that re-use old passwords, or use the same password across a multitude of platforms, may be at risk.

This database backup contained columns for fk_user_id, fb_user, fb_friends, fb_likes, fb_music, fb_movies, fb_books, fb_photos, fb_events, fb_groups, fb+checkins, fb_interests, password, and more.

Both data sets were stored in Amazon S3 buckets, configured to allow anyone to download them.

UpGuard highlights the dilemma for Facebook: it is the harvester of this data, but once it gives it to third parties, the safety of the data is no longer in their hands.

You can read the full analysis here.

Image Credit: Anthony Spadafora