The company later announced changes to the platform aimed at protecting user data. On one hand, the social network has no control over how third-party developers handle data and what sort of methods they use to protect it and secure it. The dataset wasn't protected in any way, shape, or form, meaning anyone could access people's sensitive information including their passwords.
The second AWS server stored data recorded by the "At the Pool" Facebook game. The report from UpGuard comes nearly a year after revelations that Cambridge Analytica, a political consultancy, improperly accessed the personal data of 87 million Facebook users with the aid of a quiz app.
The details of millions of Facebook accounts have been left ripe for harvesting thanks to a pair of careless developers. "It's an oil spill, that data is out there". "These two situations speak to the inherent problem of mass information collection: the data doesn't naturally go away, and a derelict storage location may or may not be given the attention it requires", UpGuard wrote today, adding that even though Mark Zuckerberg committed past year to better locking down Facebook, data on its users has already "been spread far beyond the bounds of what Facebook can control today".
In a blog post, the company tied one of the leaky databases to a Mexico-based media company called Cultura Colectiva.
But, it users have used the same passwords on both their Facebook accounts and the third-party "At the Pool" app, they are now at risk for someone to hack their accounts. Pollock said that UpGuard in January tried to notify the organization that its cache of Facebook information had been left open for anyone to download but ultimately received no reply. The firm expressed concern that Facebook users who set the same password on multiple sites and services could be at the greatest risk. It wasn't until the folks at Bloomberg reached out to Facebook earlier today that the problem was taken care of, with that library now secured. The number of affected users is believed to be in the range of millions and tens of millions.
Facebook said that it was investigating the incident and did not yet know the nature of the data, how it was collected or why it was stored on public servers. On Saturday, he endorsed the broad contours of new regulation targeting the ways that tech giants tap consumers' personal data.
Cultura Colectiva did not immediately respond to a request for comment.