Detailed info concerning more than 540 million Facebook users was left publicly visible for months, a security firm has found.
UpGuard found the large cache of information on unsecured Amazon servers used by a Mexican social media firm.
The information came from visitors to Cultura Colectiva’s Facebook pages and included account names, ID numbers, comments and reactions.
Facebook said the data had currently been removed from the servers.
Cultura Colectiva said the information it amassed came from interactions with users via its various Facebook pages. All the same info would be available to anyone that looked at those public pages, it added.
No personal information such as emails or passwords was stored, because Cultura Colectiva didn’t have access to that info, it said.
“We are aware of the potential uses of information in current times, therefore we have reinforced our security measures to protect the information and privacy of our Facebook fan pages’ users,” it told Reuters.
Facebook said that Amazon helped it remove the information once UpGuard flagged that it was available. Also removed was a smaller database of more than 22,000 people amassed by a separate firm that listed names, passwords and email addresses.
The social network said its policies prohibited Facebook data being stored in publicly-accessible databases.
UpGuard found the information about the Facebook users as a part of regular checks it carries out on Amazon S3 servers that have inadvertently exposed databases. Its latest survey found seven other instances that exposed:
trade secrets from hosting firm GoDaddy passwords and crypto keys for internet provider Pocket Inet 14 million Verizon customer records critical information for Viacom applications records of 1.8 million Chicago voters.
The accidental sharing of information concerning Facebook users is the latest in a long series of incidents that have exposed sensitive or personal information.
In late March, Facebook found that the passwords of about 600 million users were stored internally in plain text for months.
In September 2018, data on 50 million users was exposed by a security flaw.
And earlier last year, Facebook revealed that information on millions of users had been harvested by data science company Cambridge Analytica.