Mexico-based media company Cultura Colectiva stored hundreds of millions of records on Amazon's servers, and Facebook-integrated app At the Pool, now defunct, left the plain-text passwords of 22,000 users of that app in plain sight.
Upon contact, a spokesperson of Facebook clarifies that they are working alongside the relevant agencies to protect user's data from app developers and have taken down the information from the Amazon database when alerted of the issue. She added that Facebook's policies now prohibit storing user information in a public database.
The data included confidential information related to Facebook users' passwords, comments, account names, "likes" and recent activities.
"The data exposed in each of these sets would not exist without Facebook, yet these data sets are no longer under Facebook's control". While there was no reply from Cultura Colectiva, Amazon Web Services had responded that the data storage bucket owner was made aware of the exposure and Amazon was looking into further potential ways to handle the situation. Adding further, "We are aware of the uses that data can now have, so we have reinforced our security measures to protect the data and privacy of the users of our fanpages on Facebook".More news: White House pushes back on request for Trump tax forms
The firm said, "Neither sensitive nor private data, like emails or passwords, were amongst those because we do not have access to that kind of data, so we did not put our users' privacy and security at risk".
Facebook is yet to comment on the latest data leak. After Bloomberg notified the company, Facebook shut down the database.
The political consultancy firm Cambridge Analytica also harvested data of 87 million users via a quiz app, leaving Facebook under heavy criticism on how it share user data with third parties.
"The public doesn't realize yet that these high-level systems administrators and developers, the people that are custodians of this data, they are being either risky or lazy or cutting corners", said Chris Vickery, director of cyber risk research at UpGuard. It remains to be seen whether or not each company abused the data they scalped, but the way in which it was stored is already in breach of Facebook's current policies.
It's becoming increasingly apparent that Facebook simply isn't taking their duty of care in regards to the privacy of the data of its users seriously enough. What is also alarming is how easily user data is now lying publicly exposed over the interwebs as Facebook continues to allow third-party apps to store data in an unsecured manner.