2 Third-Party Apps Exposed Millions of Facebook Users' Records


There are two new cases of datasets exposing tons of information belonging to Facebook users. More precisely, half a billion records of millions of Facebook users were openly available on the public internet. The records were found on unprotected Amazon cloud servers. According to UpGuard Cyber Risk researchers, two third-party developed Facebook app datasets were exposing users' details to the public internet.




Cultura Colectiva, At the Pool Third Party Apps Exposed Facebook Users' Data

One of these apps belongs to Mexico-based media company Cultura Colectiva, and it exposed 156 gigabytes of information, containing more than 540 million records of comments, likes, reactions, account names, Facebook IDs, among others.


The other app is called At the Pool, and it also exposed sensitive details to the internet via an Amazon S3 bucket. The database backup contained columns for fk_user_id, fb_user, fb_friends, fb_likes, fb_music, fb_movies, fb_books, fb_photos, fb_events, fb_groups, fb+checkins, fb_interests, password, and more. The passwords most likely belong to the At the Pool app rather than to the user's Facebook account, but they would put at risk users who have reused the same password across accounts, the researchers warned.

It should be noted that the At the Pool discovery is not as large as the Cultura Colectiva dataset, but it still contains plaintext passwords for 22,000 users, an amount that should not be underestimated. In addition, At the Pool doesn't operate any longer as it ended in 2014, with the parent company's website currently returning a 404 error notice. This fact is a bit of a relief to the app's end users whose names, passwords, email addresses, Facebook IDs, and other details were openly exposed for an unknown period of time.

"The data sets vary in when they were last updated, the data points present, and the number of unique individuals in each", the report says. What all data sets have in common is that they all originate from Facebook users and present sensitive information in detail, such as interests, relationships, and interactions. These details were available to third-party app developers.

Data about Facebook users has been spreading uncontrollably, and Facebook is incapable of putting things in order. Combine this with the abundance of personal data held in storage technologies that are often misconfigured for public access, and you have tons of data about Facebook users that continues to leak.

What Did UpGuard Researchers Do?

With regard to the Cultura Colectiva data, the researchers' first notification email was sent on January 10th, 2019. The team sent a second email on January 14th. To this day there has been no response to any of the emails.
Due to the data being stored in Amazon's S3 cloud storage, the researchers also notified Amazon Web Services on January 28th. AWS sent a response on February 1st saying "that the bucket's owner was made aware of the exposure".

When February 21st rolled around and the data was still not secured, we again sent an email to Amazon Web Services. AWS again responded on that same day stating they would look into further potential ways to handle the situation. It was not until the morning of April 3rd, 2019, after Facebook was contacted by Bloomberg for comment, that the database backup, inside an AWS S3 storage bucket titled “cc-datalake,” was finally secured.

As for the data stemming from the At the Pool app, it had been taken offline during the time the researchers were investigating the data origin. This happened before a formal notification email was sent. It is unclear whether this is a coincidence, if there was a hosting period lapse, or if a responsible party became aware of the exposure at that time and took action quickly. However, the application is no longer active and all signs point to its parent company having shut down, the researchers concluded.


Another recent example revealed that a third-party Android app with Facebook API access was copying user data into storage outside of Facebook. In addition, the data was stored insecurely in two locations. The issue was reported to Facebook through their Data Abuse Bounty program, and the storage locations were secured in November last year. As for the app itself, it was removed from Facebook, but the Android version is still available on Google Play. The worst part is that the number of users affected by this breach is unknown.


Milena Dimitrova
