by Paul Ducklin

It’s happened again!
Unsecured personal data found lying around in the cloud!
Unfortunately for Facebook, which has been caught up in numerous “concerned about cybersecurity” stories lately, this isn’t just any old data…
…it’s data that was acquired via Facebook by third-party apps.
It’s a little bit like what happened with Cambridge Analytica – the infamous Facebook app provider that offered so-called psychometric tests to seduce you into giving away a lot of detail about what made you tick, and then turned round and used that data in ways you almost certainly didn’t expect.
Ironically, even though these latest two data spillages, announced yesterday by leak-seeking cybersecurity company Upguard, aren’t quite as scary as the Cambridge Analytica story, they are in some ways even worse.
These breaches happened through plain old carelessness – databases hosted in the cloud and apparently almost casually left open to the world.
That’s like running your own servers in your own server room, but leaving the server room door unlocked with a big sign on it saying, “Free admission. Please don’t be naughty.”
In fact, it’s like copying critical data from your own servers onto a whole boxful of unencrypted USB drives and walking round a Dark Web convention handing them out to all and sundry.

What leaked?
According to Upguard, the latest leaky buckets it found belong to:
Cultura Colectiva, a Latin American social networking collective that spilled a giant database of more than 500 million entries, probably covering millions of users (the site itself claims 45 million subscribers). The data apparently included Facebook IDs, likes, friends and more.
At the Pool, a Facebook app that seems to have died out back in 2014, leaving its collected data orphaned and exposed. This data apparently included names, email …

Go to Source

Author: Paul Ducklin

Comments are closed.