Live

Watch CBSN Live

Hundreds of millions of Facebook user records were exposed on Amazon cloud server

Facebook user data exposed on Amazon servers

More than 540 million records about Facebook users were publicly exposed on Amazon's cloud computing service, according to a cybersecurity research firm. A report out Wednesday by UpGuard said two third-party Facebook app developers posted the records in plain sight, causing yet another major data breach for the world's biggest social network.

According to UpGuard, a Mexico-based media company called Cultura Colectiva was responsible for the biggest leak. It exposed 146 gigabytes of Facebook user data, including account names, IDs and details about comments and reactions to posts. It's unclear how many individual users had data exposed.

Separately, an app called At the Pool exposed databases that appeared to include data about user IDs, friends, photos and location check ins, as well as unprotected Facebook passwords for 22,000 users. The app — which was meant to help people meet up for offline activities — shut down in 2014.

UpGuard said it alerted Cultura Colectiva and Amazon about the breaches from Cultura Colectiva in January, but no action was taken until Wednesday morning. After Bloomberg reached out to Facebook for a comment about that breach, an Amazon "storage bucket" with the data from Cultura Colectiva was secured.

The data from At the Pool went offline before UpGuard reached out about it.

Facebook is under federal criminal investigation for deals it struck with electronics manufacturers to access user data, and it has been hit a series of security breaches over the past year. The British analytics firm Cambridge Analytica, which worked with the Trump campaign in the 2016 election, got access to data from more than 87 million users; and Facebook last September said that an attack on its networks exposed information from nearly 50 million users. Facebook said it has more than 2.3 billion active monthly users worldwide.

Challenges for Facebook a year after Cambridge Analytica scandal