The UpGuard Cyber Risk team can now report that two more third-party developed Facebook app datasets have been found exposed to the public internet. One, originating from the Mexico-based media company Cultura Colectiva, weighs in at 146 gigabytes and contains over 540 million records detailing comments, likes, reactions, account names, FB IDs and more. This same type of collection, in similarly concentrated form, has been cause for concern in the recent past, given the potential uses of such data.
A separate backup from a Facebook-integrated app titled “At the Pool” was also found exposed to the public internet via an Amazon S3 bucket. This database backup contained columns for fk_user_id, fb_user, fb_friends, fb_likes, fb_music, fb_movies, fb_books, fb_photos, fb_events, fb_groups, fb+checkins, fb_interests, password, and more. The passwords are presumably for the “At the Pool” app rather than for the user’s Facebook account, but would put users at risk who have reused the same password across accounts.
Read more on UpGuard.