Facebook Inc said on Wednesday, April 3, that it removed public databases containing its user data on Amazon.com Inc’s cloud servers after cybersecurity firm UpGuard discovered millions of exposed records.
Another database, from an app called At the Pool, listed names, passwords and email addresses of 22,000 people, UpGuard said.
Cultura Colectiva said in a statement that all of its Facebook records came from user interactions with its three pages on Facebook and is the same information publicly accessible to anyone browsing those pages.
“Neither sensitive nor private data, like emails or passwords, were amongst those because we do not have access to that kind of data, so we did not put our users’ privacy and security at risk,” Cultura Colectiva said. “We are aware of the potential uses of data in current times, so we have reinforced our security measures to protect the data and privacy of our Facebook fan pages’ users.”
Alex Capecelatro, who was chief executive of At the Pool before it shut down around 2014, did not respond to requests to comment.
Facebook said in its statement that it worked with Amazon to take down the databases once alerted to the issue.
“Facebook’s policies prohibit storing Facebook information in a public database,” the company said.
Facebook has been hit by a number of privacy-related issues, including a glitch that exposed passwords of millions of users stored in readable format within its internal systems to its employees.
Last year, the company came under fire following revelations that Cambridge Analytica obtained personal data of millions of people’s Facebook profiles without their consent.
Since then, Facebook has come under scrutiny for offering more of its users’ data to companies than it had previously admitted. Last year, the company also revealed that attackers exploited a bug on the platform to expose the information of nearly 50 million users.
Politicians on both sides of the Atlantic have sharply criticized the company’s data privacy practices. The U.S. Federal Trade Commission is said to be looking to levy a record fine against the company for violating an earlier data privacy agreement.
Facebook later announced changes aimed at protecting user data, including an audit of at least thousands of apps that have the right to access Facebook user data.
Amazon did not respond to requests for comment. It has increased efforts to educate customers about the risks associated with storing user data publicly after several such data privacy lapses by its customers made headlines in recent years.
Bloomberg was first to report the news.
The new finding is the latest to highlight Facebook’s struggle to protect the data collected from its more than 2 billion users. It may only increase scrutiny on the company after a year of data privacy scandals.