Wednesday January 29, 2020

Facebook App Developers Exposed Users’ Data: Report

The political consultancy firm Cambridge Analytica also harvested data of 87 million users via a quiz app, leaving Facebook under heavy criticism over how it shares user data with third parties

A television photographer shoots the sign outside of Facebook headquarters in Menlo Park, Calif. VOA

In yet another shocking revelation, US-based cyber security firm UpGuard has found that Facebook app developers left millions of user records, including comments, likes and reactions, exposed on Amazon cloud servers.

The third-party Facebook app developers exposed data in the public domain in two large datasets that contained 540 million users’ records.

“One, originating from the Mexico-based media company Cultura Colectiva, weighs in at 146 gigabytes and contains over 540 million records detailing comments, likes, reactions, account names, FB IDs and more,” said UpGuard in a blog post on Wednesday.

“A separate backup from a Facebook-integrated app titled ‘At the Pool’ was also found exposed to the public internet via an Amazon S3 bucket,” said the researchers.

The “At the Pool” discovery is not as large as the Cultura Colectiva dataset, but it contains plaintext (unprotected) passwords for 22,000 users.

“As Facebook faces scrutiny over its data stewardship practices, they have made efforts to reduce third-party access.

“But as these exposures show, the data genie cannot be put back in the bottle. Data about Facebook users has been spread far beyond the bounds of what Facebook can control today,” said UpGuard.

This photo shows a Facebook app icon on a smartphone in New York. VOA

Combine that plenitude of personal data with storage technologies that are often misconfigured for public access and the result is a long tail of data about Facebook users that continues to leak.

A Facebook spokesperson told The Verge that the company’s policies prohibit storing Facebook information in a public database.

“Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people’s data,” the spokesperson added.


The political consultancy firm Cambridge Analytica also harvested data of 87 million users via a quiz app, leaving Facebook under heavy criticism over how it shares user data with third parties.

“In each case, the Facebook platform facilitated the collection of data about individuals and its transfer to third parties, who became responsible for its security,” said UpGuard.

“The surface area for protecting the data of Facebook users is thus vast and heterogenous, and the responsibility for securing it lies with millions of app developers who have built on its platform,” it added. (IANS)


Social Networking Giant Facebook Blames Apple iOS for Bezos’ Phone Hacking

WhatsApp provides end-to-end encryption by default, which means only the sender and recipient can view the messages

The social media application, Facebook is displayed on Apple's App Store, July 30, 2019. VOA

Facebook has blamed Apple’s operating system for the hacking of Amazon Founder and CEO Jeff Bezos’ phone, saying WhatsApp’s end-to-end encryption is unhackable.

Investigators believe that Bezos’s iPhone was compromised after he received a 4.4MB video file containing malware via WhatsApp – in the same way that the phones of 1,400 select journalists and human rights activists were broken into by Pegasus software from Israel-based NSO Group last year.

In an interview with the BBC last week, Facebook’s Vice President of Global Affairs and Communications, Nick Clegg, said it wasn’t WhatsApp’s fault because end-to-end encryption is unhackable and blamed Apple’s operating system for Bezos’ episode.

“It sounds like something on the, you know, what they call the operate, operated on the phone itself. It can’t have been anything on the, when the message was sent, in transit, because that’s end-to-end encrypted on WhatsApp,” Clegg told the show host.

Clegg compared the hack to opening a malicious email, saying that “it only comes to life when you open it”.

According to a report from FTI Consulting, a firm that has investigated Bezos’ phone, after the video file was received, Bezos’ phone started sending unusually large amounts of outbound data, including his intimate messages with his girlfriend Lauren Sanchez.

Jeff Bezos, Amazon founder and owner of Blue Origin. (Wikimedia commons)

According to Clegg, “something” must have affected the phone’s operating system.

“As sure as you can be that the technology of end-to-end encryption cannot, other than unless you have handset, or you have the message at either end, cannot be hacked into,” he was quoted as saying.

Apple was yet to comment on Facebook’s statement.

The NSO Group has denied it was part of Bezos’ hacking.


WhatsApp provides end-to-end encryption by default, which means only the sender and recipient can view the messages. But the piece of NSO Group software exploited WhatsApp’s video calling system by installing the spyware via missed calls to snoop on the selected users.

According to leading tech policy and media consultant Prasanto K. Roy, end-to-end encrypted apps (E2EE) do provide security, and messages or calls cannot be intercepted and decrypted en route without enormous computing resources.

“But once anyone can get to your handset, whether a human or a piece of software, the encryption doesn’t matter anymore. Because on your handset, it’s all decrypted,” Roy told IANS recently. (IANS)