Forum Moderators: not2easy

Facebook, App Devs Left 540 Million Users' Data Exposed

     
5:51 am on Apr 4, 2019 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:10125
votes: 1007


The details of millions of Facebook accounts have been left ripe for harvesting thanks to a pair of careless developers.

Professional Shodan jockey Chris Vickery of Upguard spotted a pair of exposed AWS S3 buckets that appear to belong to the coders behind Cultura Colectiva and At the Pool, a pair of third party apps for Facebook.


[theregister.co.uk...]

FB needs to take more control of how user data is collected and used by app devs. To be fair, perhaps FB did not know ... but that begs the question, Why did they not know?

Severed ties with FB last year. Handwriting on the wall.
7:20 am on Apr 4, 2019 (gmt 0)

Senior Member from ES 

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 13, 2005
posts:697
votes: 12


It would be really amazing if on the wall of the Facebook office there was a counter like this:

"N days without data leaks" :-D
3:24 pm on Apr 4, 2019 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:26238
votes: 997


Looking into this, the 540 million records didn't contain much detail, including account names, ID numbers, comments and reactions, but still, it seems ludicrous it was just left sitting there.

More seriously, and in a separate developer account, 22,000 records with names, passwords and email addresses were discovered.

sigh
5:32 pm on Apr 4, 2019 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member brotherhood_of_lan is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 30, 2002
posts:5017
votes: 53


Just shows though, anyone with enough intent and a systemised way will come across these datasets, and piecing them together could provide some pretty comprehensive data not limited to password choices.
9:03 pm on Apr 4, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:July 29, 2007
posts:2011
votes: 211


But Facebook says that if you give them your cell number (more data for them) that your stuff will be "totally safe". lol.

The threat to your data is from Facebook itself, as you'd expect from a company that literally profits by sharing personal information to advertisers. A busted app program on top of last year's revelation that Zuck himself lends Facebook data to political parties of his choosing is indeed writing on the wall.

I left Facebook a few years ago, my family members are understanding why more and more all the time and a few have left as well. No company needs to know everything about you to the point they want to mold your political opinion either. At that point they cease being a platform and become... something else nobody asked for.
9:59 pm on Apr 4, 2019 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:10125
votes: 1007


These "security breaches" are actually part of the original business plan for FB ... has to be, else one must question the intelligence of the "wunderkind" that manage and code for the company.

Or their deals with other tech giants, phone makers, etc ...

Personally I never played on FB for 14 years (I was among the first 10,000 to join it) simply because of the NOISE it generated! The privacy concerns came in year two and I kept anything posted as squeaky NULL as possible. :)
2:46 am on Apr 5, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:June 2, 2006
posts:2240
votes: 8


22,000 records with names, passwords and email addresses were discovered.

Excuse me for my ignorance, but I thought that nowadays passwords are stored in some secretive way so nobody can have it in sort of readable text or whatever.
12:51 pm on Apr 6, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:July 29, 2007
posts:2011
votes: 211


Typically they are, but then employees can retrieve all data about specific users, thus creating new files that can be accessed by them, and apparently by people smarter than them.

Since the whole political mess landed in his lap, in which he banned a company for doing what he was doing himself, Zuckerberg is focused on regulating the internet as if that's his job. Here is his op-ed on that: [washingtonpost.com...] He's not focused on user security nearly as much during his day, it seems.

Mark Zuckerberg: The Internet needs new rules. Let's start in these four areas.

He doesn't own the internet, he runs a social platform and is quite replaceable. He should tread more carefully or he'll generate even more votes for the party he hates. Telling is that you can write Kamala 2020 and be featured but write Trump 2020 and that gets throttled as political speech. Back to basics, Zuck, and start by listening to your users (and focusing on security, not censorship).
3:50 pm on Apr 7, 2019 (gmt 0)

Preferred Member

10+ Year Member Top Contributors Of The Month

joined:July 23, 2004
posts:595
votes: 101


... to know everything about you to the point they want to mold your political opinion


If Zuck thinks things are bad now ... just wait for governments around the world to get a hold of it all as it relates to regulation. Sounds to me like good-ole-Zucky-Boy is trying to pass off his responsibility to government, so he doesn't get called on the cuff every time something goes wrong. Governments around the world are relentless when it comes to forcing their political opinions on people, so Zuck's idea of government regulation would only make matters much, much worse than they are now.

Secondly, with all of this politically correct nonsense floating around, what means one thing in one country could totally mean a different thing in another country. Having a worldwide standard of practices would most likely result in a fiasco similar to the current state of affairs at the United Nations ... pointless and incompetent.

Zuck should just call all of this for what it really is and throw in the towel -- Dismantle Facebook piece by piece -- Sell off portions and simply shut other portions permanently.

Facebook has had a good run. I wouldn't fault Zuck one bit if he just pulled the plug on the whole thing and walked away.