Millions of Facebook Records Found Unsecured on AWS

Two third-party Facebook application developers exposed users' personal information by leaving the data exposed without a password in unsecured Amazon Web Services S3 buckets, researchers from the security firm UpGuard said Wednesday. One data set contained 540 million unsecured records, the report found. It's not clear how many users were affected.

For months, UpGuard researchers had attempted to contact the two companies about the exposed user data, but one firm did not remove the personally identifiable information from public view until Bloomberg contacted it about a story this week, UpGuard reports.

The second company has been out of business for several years, UpGuard found.


It's unclear if anyone attempted to access or steal this data before it was discovered, a UpGuard spokeswoman tells Information Security Media Group. It's also not known how long that data was stored without a password within AWS.