Separately, an app called At the Pool exposed databases that appeared to include data about user IDs, friends, photos and location check-ins, as well as unprotected Facebook passwords for 22,000 users.
Cultura Colectiva said in a statement that all of its Facebook records came from user interactions with its three pages on Facebook and are the same information publicly accessible to anyone browsing those pages.
A Facebook spokesperson told The Verge that the company's policies prohibit storing Facebook information in a public database. The second was a separate database from a Facebook-integrated app named "At the Pool" which exposed data via an Amazon S3 bucket. Combine that plenitude of personal data with storage technologies that are often misconfigured for public access, and the result is a long tail of data about Facebook users that continues to leak. It is, however, worth mentioning that just last week it was revealed that Facebook not only stored 600 million users' passwords in plain text on its servers but also exposed them to over 20,000 employees.
On the plus side, data stemming from At the Pool was taken offline before security researchers could even send a formal notification.
Then in November 2017 UpGuard found "critical data" belonging to the U.S. Army on a virtual hard disk image left on an AWS server, without password protection.
In 2018, UpGuard found a batch of scraped Facebook profiles, comprising 48 million records, from LocalBlox, a data firm that scrapes data from social media profiles. "Data about Facebook users has been spread far beyond the bounds of what Facebook can control today."
"The public doesn't realise yet that these high-level system administrators and developers, the people that are custodians of this data, they are being either risky or lazy cutting corners". When we receive an abuse report concerning content that is not clearly illegal or otherwise prohibited, we notify the customer in question and ask that they take appropriate action, which is what happened here. But as TNW says: "The data genie cannot be put back in the bottle", and with good reason. While Facebook itself has not compromised this data, it has allowed the data to be freely obtained by companies with lax security measures. "We are committed to working with the developers on our platform to protect people's data".
Many security experts are of the view that, in the light of the frequent cybersecurity lapses, Facebook does not have a clear understanding of cybersecurity.
This, however, is a standard Facebook response to most such breaches.