Security company, UpGuard, has reported two separate breaches on Facebook app datasets from third-parties. One came from a Mexico-based media company Cultura Colectiva, who had leaked 540 million records, and the other from an integrated app called ‘At the Pool’ which had exposed data from over 22.00 users.
Compromised details included Facebook IDs, comments, likes, interests and passwords, with both leaks coming from unsecured Amazon S3 storage buckets. This Amazon Web Service is often misconfigured to allow public access to the stored data. Initially, Cultura Colectiva reportedly neglected to secure the data after the breach had been discovered, but this has now been resolved.
The ‘At the Pool’ app is no longer active and the data had already been removed before the leak was officially announced. https://www.upguard.com/breaches/facebook-user-data-leak
Check the privacy settings on your app accounts, such as social media, to understand what personal data is collected and modify the settings if necessary. It is advisable to be aware of the digital footprint which you leave online and realise that certain information could be used by criminals if posted. It is also vital to have some basic knowledge of how to secure Amazon S3 buckets if using them. Some guidance and recommend reading can be found here.