Researchers in UpGuard, a cybersecurity company, found troves of user data hiding in plain sight, inadvertently posted publicly on Amazon’s cloud computing servers. The discovery shows that a year after the Cambridge Analytica scandal subjected disseminated Facebook users & rsquo and insecure; data is online, companies that control that information at every step still haven’t.
Before cracking down more recently, facebook shared this kind of information with third-party programmers for years. The issue of accidental storage may be more extensive than those two cases. UpGuard found 100,000 Amazon-hosted databases that were open for various sorts of information, a number of which it expects aren&rsquo.
Programs like Amazon Web Services’ Simple Storage Service offer clients the choice of whether to make the data visible to other members of their company, just whoever uploaded it, or anyone online. That information was made to be public-facing, as in the case of a cache of photographs or other images saved to be used on a corporate website.
Facebook suspended hundreds till they could make sure they weren & rsquo; t consumer data and started an audit of thousands of programs. Facebook offers rewards for researchers who find issues.
&ldquo I would have put lots of the on AWS,” said Corey Quinn, who advises companies which use Amazon’s cloud in the Duckbill Group, a consulting firm. But because Amazon has taken steps to address the issue, firms like Cultura should be aware, ” he explained. ”
Facebook for many years let anyone creating an app on its own site in order to obtain info on the program being used by the people, and those users ’ friends. The programmers can do anything they want with it; s hands, After the data is from rsquo & Facebook.
This latest example demonstrates how the information safety problems can be amplified by a different trend: the transition a number of businesses have made from conducting operations mostly in their data centers to cloud-computing providers managed by Amazon, Microsoft Corp., Alphabet Inc.’s Google, and many others.
From the Cultura Colectiva dataset, which totaled 146 gigabytes, it was difficult for researchers to understand how many unique Facebook users were affected. UpGuard had. The firm sent mails to Amazon and Cultura Colectiva over months to alert them. It wasn&rsquo. Cultura Colectiva didn’t respond to Bloomberg’s request for comment.
Mexico City-based media company Cultura Colectiva stored 540 million records on Facebook customers. This database has been shut on Wednesday after Facebook was alerted by Bloomberg into the issue and Facebook contacted Amazon. Facebook shares pared their gains after the Bloomberg News report.
Those technology giants have built businesses by making it easy for businesses to run programs and store troves of information, on servers, from corporate documents to employee info.
Amazon isn&rsquo the only company that gets caught up in cases of records wrongly made public. But it has a lead in the business of selling computing power and data storage, putting a spotlight on company &rsquo. An Amazon Web Services spokesman declined to comment.
That 1 case has led to threats of regulation to the company, and government probes around the planet.
A Facebook spokesperson stated that the company’s policies prohibit storing Facebook data. Facebook worked to take the databases, once it had been alerted to the matter, the spokesperson said, adding that Facebook is committed to working on its stage to protect rsquo & people;s info.
Amazon in the previous two years has beefed up protocols to keep customers from exposing sensitive materials, including prominent warning notices, making resources for administrators to simply turn off all public confronting items, and offering for free what had been previously a paid add-on to examine a customer’s account for exposed data.
“The public doesn’t realize yet that these high tech administrators and developers, the people who are custodians of this data, they are being either insecure or idle or cutting corners,” stated Chris Vickery, director of cyber risk research at UpGuard. “Not enough care is being put into the safety side of large data. ”
Another database for a program called At the Pool listed names, passwords and email addresses . UpGuard doesn’t know that they had been subjected, while it was being looked into by the company as the database became inaccessible.
Other times, it isn’t. In the last few decades, data stored on several cloud providers — U.S. military data, personal information of newspaper subscribers and cell phone users — has been accidentally shared publicly on the internet and found by security researchers.