The latest reveal came from cybersecurity firm UpGuard. In a cleverly titled report called “Losing Face: Two More Cases of Third-Party Facebook App Data Exposure” the firm pointed out how Facebook continues to screw up when it comes to user records.
“The UpGuard Cyber Risk team can now report that two more third-party developed Facebook app datasets have been found exposed to the public internet.”
It found that half of a billion records of Facebook users wound up on Amazon’s cloud computing servers.
Juxtaposition of stories that popped up in my feed today:
1) Millions of Facebook Records Found on Amazon Cloud Servers https://t.co/V092LDLbew
2) Facebook Demanding Some New Users’ Email Passwords (passwords to non-Facebook accounts) https://t.co/8DYbtAtksU
“Trust Us”…. pic.twitter.com/c0wdnyBW9G
— ashkan soltani (@ashk4n) April 3, 2019
Maybe Stop Trying To Save the World
While Facebook didn’t’ put it on Amazon’s cloud, it didn’t seem to have any tools in its wheelhouse to keep it from happening. Horrifically troubling about this is that it comes after the Cambridge Analytics mess that was similar to this one.
It would seem that the black eye and backlash Facebook received from the Cambridge Analytics scandal would have moved the geniuses taking up space at Facebook to do better.
Yet, here we are again, scratching our heads about what the Zuck is doing to avoid these endless situations. Maybe he doesn’t even care considering breach, after screw-up, after apology hasn’t budged most of his users from continuing to make every happening in their lives a Facebook moment.
Caught With Its Pants Down, Again
As have been other user data mishandling issues, Facebook didn’t discover this one dealing with Amazon on its own. But for the team at UpGuard, users would be none the wiser that a Mexico City-based digital platform called Cultura Colectiva had openly stored 540 million user records.
Another database, an app called At the Pool, listed names, passwords and email addresses of 22,000 people, UpGuard found.
Some are trying to chalk up what was compromised as being non-sensitive. Considering the comprised information included users’ comments, likes, reactions, account names, FB IDs and more, I’d beg to differ.
Bloomberg claims that it wasn’t until it alerted Facebook to the problem that the database was closed. Facebook then contacted Amazon.
I once posed a question about Google after it gave some condescending excuse over its own privacy issue. I asked, “How stupid does Google think we are?”
Now I pose this same question to Facebook. This company thinks it is so impactful that it could be a church. Yet, when it comes to these ridiculous security-related breaches, it gives the most ignorant form of an excuse. The old, “uh, we didn’t know.”
Take this response from a Facebook spokesperson to Reuters:
“We worked to get the databases in question taken down, but we are still investigating exactly what information was stored there.”
So Facebook says it had "no knowledge" until today.
UpGuard says it flagged the site "Cultura Colectiva" twice in January
— Sally Shin (@sallyshin) April 3, 2019
Money Trumps Privacy Every Time
I’ve always found it intriguing how people willingly give Zuckerberg access to every aspect of their lives. It’s as if they’ve forgotten why the Harvard law school dropout founded “The Facebook.”
The Guardian refreshed memories last month when questioning the CEO’s new privacy views.
Is this the same Mark Zuckerberg who said, in 2010, that privacy was no longer the social norm? And is it the same Mark Zuckerberg who in 2004, sitting in his Harvard dorm, messaged his friend that he could give them the personal information of one of the 4,000 “dumb f—-” who handed over details in order to join his exciting new social network?
Yes, it is the same Zuckerberg, and these privacy snafus are clearly the least of his concerns. Monetizing users is his concern.
Facebook Dips On More Negative News