At around 1pm EST on Wednesday, April 3, 2019, the people at Facebook who are supposed to make sure your data is safe - yeah, that Facebook - they have, once again, blown it.
Bloomberg news service reports that UpGuard, a cybersecurity firm, discovered today that millions of Facebook users records were uploaded to Amazon's cloud servers.
Why is this news? Because Amazon's servers have no password and they are 100% totally accessible to the public.
This is not Facebook's first rodeo when it comes to breaches. Three months ago in December 2018, Facebook users saw their photos were breached by third-party developers and databases where every developer had access to private user photos.
This time, a Mexican business, Cultura Colectiva, was found to be openly storing 540 million sensitive Facebook records including ID numbers, passwords, comments, reactions, and account names.
The discovery shows that Facebook still hasn’t done enough to protect private user data.
Also, another Amazon server was found with names, passwords, and email addresses for some 22,000 people, associated with a now defunct app called "At the Pool." UpGuard said that it didn't know how long that data had been exposed.
These developers and companies have free access because they have data-sharing deals with Apple, Amazon, Microsoft, and Sony, plus people being able to look up strangers based on phone numbers submitted for two-factor authentication.
How many times have you looked up a phone number or address for someone using whitepages dot com or Spokeo or similar info sites? The data has to be uploaded somewhere, stored somewhere and kept available so that when YOU do a search for the information, you get it.
So why isn't that information being safeguarded or password protected?
Because no one would be able to freely upload data to add to records, correct information and update records with new data - like a marriage, birth or death, change of address and change of phone number.
Amazon's cloud is freely accessible to upload, download and view - all without any restrictions.
By far the biggest breach was Cambridge Analytica, which has attracted investigations by the U.S. and U.K. over voter data collected without most users' consent. In late March 2019, Facebook was found to be keeping "hundreds of millions" of unencrypted passwords on internal servers.
Facebook could potentially end up paying billions in U.S. fines as a result of these breaches.
You can finish reading the article here:
and here:
No comments:
Post a Comment