Researchers from the cybersecurity firm UpGuard recently discovered that Facebook user account information was exposed on Amazon cloud servers. The security team at UpGuard stated that they found two data breach incidents in different regions.
First incident was originated from the Mexico-based media company Cultura Colectiva which exposed around 146 GB of data that contained over 540 million records detailing comments, likes, reactions, account names, FB IDs, and other sensitive information. The second was a separate database from a Facebook-integrated app named ‘At the Pool’ which exposed data via an Amazon S3 bucket. This database contained the backup information like fb_user_id, fb_user, fb_friends, fb_likes, fb_music, fb_movies, fb_books, fb_photos, fb_events, fb_groups, fb+checkins, fb_interests, and passwords, according to UpGuard.
UpGuard stated the data was stored in Amazon’s cloud service without password protection and could easily be accessed by outsiders.
“The public doesn’t realize yet that these high-level systems administrators and developers, the people that are custodians of this data, they are being either risky or lazy or cutting corners,” said Chris Vickery, director of cyber risk research at UpGuard. “Not enough care is being put into the security side of big data.”
A couple of months ago, the Ministry of Information and Communications (MIC) of Vietnam stated that Facebook violated its new cybersecurity law by allowing users to post anti-government comments on its platform. The concern was raised at a media conference held by MIC’s Authority of Broadcasting and Electronic Information (ABEI). The ABEI stated the social media giant had violated Vietnamese cybersecurity laws in three major areas: managing content, online advertising, and tax liability.
The new cyber law requires Facebook, Google, and other international tech firms to store local users’ data on local servers and set up offices in Vietnam. It prohibits Internet users in Vietnam from spreading anti-government information and posting false information that could cause damage to the country. It also prevents the circulation of content that’s fake, slandering, or inciting violence.