Facebook recently faced privacy and security problems following the leakage of users’ records to the public and developers. Some of the information that got leaked includes comments and likes by the users and the names of users.
Researchers said it was as a result of leakage by a third party company that uses a public cloud computing server owned by Amazon. UpGuard, a security firm disclosed the ordeal that an app developer misused Facebook records such as user’s passwords and emails leading to the mass information exposure.
According to Facebook, it is a violation of its policies by app developers to store information in a public database. It poses a risk to personal data if left exposed to the public and developers.
Facebook made it known to the people that they are working with app developers to secure their information. They are developing measures aimed at restricting developers from accessing Facebook user’s data.
However, by the fact that developers and the public can access users’ records, it is a contradiction to Facebook’s efforts to secure personal information. Previously, Cambridge Analytica, a political consultancy firm had admitted to accessing information from over 87 million Facebook users. They had used an app to access the information. It is after this revelation that UpGuard revealed that Facebook’s database was not secure and developers could download users’ information.
Researchers also made it clear that after accessing personal information, it can be stored forever by the person who obtained it. It is also difficult to retrieve and discard data that is already in possession of the third parties.
Greg Pollock, UpGuard’s vice president, raised questions about Facebook’s ability to make things right and its ability to manage data that has already been leaked out.
One of the organizations that were majorly affected by the leakage is Cultura Colectiva, a media company in Mexico which had stored records of its users in Amazon’s public server. Some of the information that was left accessible to the public includes people’s photos, music, locations, and likes.
Pollock had notified the company that its records were available to the public, but he did not receive any response.
The other Facebook’s records leakage happened when At The Pool, a third party, data leaked. It had stored its data such as names, emails, and passwords on Amazon’s servers. Data was exposed to the public and app developers before the company ended its operations in 2014.
UpGuard further stated that Facebook users who used a similar password on various sites were faced with a higher risk of leakage of their information. When asked to comment about the ordeal, At The Pool did not respond to the request.
Daniel Peralta, Cultura Colectiva’s spokesman, said that Facebook gave the company records retrieved from pages that the company manages. Those records are available to all Facebook users, and no sensitive data was at risk.
UpGuard also revealed that more than 540 million records belonging to Cultura Colectiva such as users’ comments, likes, and reactions leaked. However, users’ sensitive information such as passwords and emails were not among the leaked information. However, he did not give details to when the company acquired the records and why the company had passwords. The company further stated that they understand the importance of security of users’ information and hence they have put in place measures to protect records from users’ fan pages.
Bloomberg was the first to launch complaints about misappropriation of the users’ privacy leading to many investigations in the world. The company also led to the revelation that Facebook stores its users’ passwords in plain texts.
It has prompted Mark Zuckerberg, Facebook’s Chief Executive Officer to thinking on ways of improving how users interact on Facebook and how to keep data more safely. He is supporting new measures put in place directed at controlling how technology websites access users’ personal information. He also added that new rules should be set to control how the internet is used.
Earlier before 2015, Facebook had put in place strict measures that aimed at preventing leakage of personal information to other parties. It was until the Cambridge Analytica academic developer abused the rights that had been granted to him by Facebook. However, it is not clear whether Cultura Colectiva acquired people’s private information before 2015 or afterward. However, after the leakage that happened in 2018, Facebook has put in place more strict measures that restrict developers from accessing personal information.
Due to the high demand for data by the public and other parties, it poses a significant risk since companies can sell people’s information to earn huge incomes. It would be detrimental because much of people’s records would be in the public domain. Facebook is now reviewing all apps used by third-parties to ensure that data is safe and secure.