Losing Face: Two More Cases of Third-Party Facebook App Data Exposure (Apr 3, 2019)
The UpGuard Cyber Risk team has published its findings on two third-party Facebook application datasets that were publicly accessible on the internet. One of the datasets was found to originate from the Mexico-based media company “Cultura Colectiva” and consisted of 146 gigabytes containing 540 million Facebook records. The records contained information such as account names, comments, Facebook IDs, and likes, among others. Researchers also identified a different Facebook-integrated application, called “At the Pool,” hosted on a publicly accessible Amazon S3 bucket. The bucket for the At the Pool application contained data labeled as fb_books, fb+checkins, fb_events, fb_friends, fb_groups, fb_interests, fb_likes, fb_movies, fb_music, password, fb_photos, among others.
Recommendation: Always make sure your cloud storage is properly configured. Experts have been warning companies that Amazon S3 buckets are too often misconfigured. Threat actors can use leaked data to make money or for other malicious purposes. Ensure that any cloud storage services you use are properly configured to only allow access to trusted and authorized users. Require multi-factor authentication for access to the most sensitive materials you store. Facebook users should take precautionary measures and change their passwords, especially if they have been reused for other accounts.
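One way to act on the configuration advice above, as an added example that is not part of the original briefing: a Python check that takes a bucket's ACL, bucket policy and Public Access Block settings (in the JSON shapes the S3 API returns) and reports the grants that leave it publicly accessible. The sample documents and the bucket name `example-app-backups` are constructed, and flagging a statement that carries a Condition as "review manually" is a simplifying assumption.

```python
import json

# AWS predefined groups: a grant to either one makes an ACL public.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _any_principal(principal):
    """True for Principal "*" or {"AWS": "*"} (also inside a list)."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def public_exposure(acl, policy, block):
    """Return findings for one bucket; an empty list means no public grant found.

    acl/policy/block follow the shapes of GetBucketAcl, GetBucketPolicy (parsed)
    and the PublicAccessBlockConfiguration from GetPublicAccessBlock.
    """
    findings = []
    # IgnorePublicAcls neutralises existing public ACLs; BlockPublicAcls only stops new ones.
    if not block.get("IgnorePublicAcls", False):
        for grant in acl.get("Grants", []):
            uri = grant.get("Grantee", {}).get("URI")
            if uri in PUBLIC_GROUPS:
                findings.append(f"ACL: {grant['Permission']} granted to {uri.rsplit('/', 1)[-1]}")
    # RestrictPublicBuckets cuts off anonymous access granted by an existing public policy.
    if policy and not block.get("RestrictPublicBuckets", False):
        for stmt in _as_list(policy.get("Statement", [])):
            if stmt.get("Effect") == "Allow" and _any_principal(stmt.get("Principal")):
                note = " (has Condition: review manually)" if "Condition" in stmt else ""
                findings.append(f"Policy: {_as_list(stmt.get('Action'))} allowed to any principal{note}")
    return findings

# Constructed sample documents for a hypothetical bucket "example-app-backups".
OPEN_ACL = {"Grants": [{"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]}
OPEN_POLICY = json.loads('{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-app-backups/*"}]}')
PRIVATE_ACL = {"Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"}, "Permission": "FULL_CONTROL"}]}
LOCKED = {"BlockPublicAcls": True, "IgnorePublicAcls": True, "BlockPublicPolicy": True, "RestrictPublicBuckets": True}

if __name__ == "__main__":
    for name, args in [("open", (OPEN_ACL, OPEN_POLICY, {})), ("open+block", (OPEN_ACL, OPEN_POLICY, LOCKED)), ("private", (PRIVATE_ACL, None, {}))]:
        print(name, public_exposure(*args) or "no public grant found")
```

In a real audit the three input documents would come from the S3 API for each bucket in the account; the check itself needs no network access.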
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.