screenshot
Screenshot published on the UpGuard blog of data on public servers (Image: UpGuard)

More than 146 gigabytes of data collected in the Cultura Colectiva data set contained information regarding user likes, reactions to posts, account names and Facebook user ids.

The clear information contained in the At the Pool app data set concerns the list of users’ friends, likes, group names and locations registered via the app. In addition there were names, passwords and unencrypted email addresses of over 22 thousand people.

UpGuard has found the data on the Bucket Amazon S3 cloud servers that developers normally use for business projects and on which they upload data without an authentication request to access them.

In this way the access modalities are faster and the working times are reduced at the expense of data security  . Only after reporting UpGuard have the servers been taken offline and password protected.

On the company’s blog, UpGuard comments on yet another security flaw stating that “Facebook user data has been spread far beyond the limits of what Facebook can control today.”

A Facebook spokesman explained on Gizmodo: “Facebook policies prohibit the storage of Facebook information in a public database. Once notified of the problem, we worked with Amazon to remove the databases. We are committed to working with developers on our platform to protect people’s data.”