After last September’s massive network hack that left the personal details of nearly 50 million users exposed, Facebook has come under fire again. This time it’s for third-party data leaks.
On April 3, UpGuard, a cloud security firm, reported that more than 540 million Facebook user records stored in an Amazon Web Services Simple Storage Service (AWS S3) bucket had been left available for public download. The 146-GB data set consisted of Facebook user comments and was left online by Cultura Colectiva, a Mexican media firm.
In a separate AWS S3 bucket, UpGuard found the sensitive information of more than 22,000 Facebook records left online by a defunct Facebook-integrated app called “At the Pool.”
The data leaked through AWS S3 was retrieved from Facebook by third-party apps and used by application developers to create new services. While these recent data breaches can be attributed to the irresponsible actions of third-party app developers, there are still fingers pointed at Facebook. Why? Because the responsibility for harm from data leaks ultimately falls on publishers.
In a tangled ecosystem of vendors and suppliers, hackers target the weakest security link. For a large publisher such as Facebook with millions of app developers, the surface area that needs protecting is vast. Facebook faces the daunting challenge of keeping tabs on the security and privacy practices of every player in its chain.
Leaked Sensitive Data on the Rise
In 2018, the number of publicly disclosed data breaches dropped 23 percent compared to 2017, according to the Identity Theft Resource Center (ITRC). Meanwhile, the reported number of exposed consumer records containing personally identifiable information jumped 126 percent, from 197.6 million in 2017 to 446.5 million in 2018. ITRC noted that the exposure is likely higher because only half of the reported breaches disclosed the number of exposed records.
Of the data breaches tracked by ITRC in 2018, the highest number of exposures happened due to unauthorized access, followed by accidental exposure and hacking.
In the increasingly complex and criminally fertile digital ad ecosystem, publishers of all stripes simply cannot afford to trust that the privacy of their user data will be fully protected by third parties. When publishers give third parties access to sensitive data, the publishers are responsible for seeing that the data is kept safe.
Learn how Apomaya’s application unification technology helps place web publishers in control of their third-party vendors.