Latest Facebook-related security breach finds millions of records exposed on Amazon server...

Security researchers have uncovered multiple instances of Facebook user data being exposed publicly on Amazon cloud servers, though it's not immediately clear to what extent either company is to blame.

One Mexican business, Cultura Colectiva, was found to be openly storing 540 million Facebook records including ID numbers, comments, reactions, and account names, according to security firm UpGuard. The database was shuttered on Wednesday, but only after Bloomberg contacted Facebook, which in turn spoke to Amazon.

In another example, a server was found with names, passwords, and email addresses for some 22,000 people, associated with a defunct app called "At the Pool." UpGuard warned that it didn't know how long that data had been exposed, as access closed in the middle of an investigation.

Even if Facebook isn't directly to blame, the situation may only compound pressure on the social network in the wake of multiple privacy scandals. These include data sharing deals with companies like Apple, Amazon, Microsoft, and Sony, plus people being able to look up strangers based on phone numbers submitted for two-factor authentication. By far the biggest, though, is Cambridge Analytica, which has attracted investigations by the U.S. and U.K. over voter data collected without most users' consent. In late March, Facebook was found to be keeping "hundreds of millions" of unencrypted passwords on internal servers.

Facebook could potentially end up paying billions in U.S. fines as a result of these breaches.

Earlier this month, CEO Mark Zuckerberg called for new privacy and electoral integrity legislation, further pledging to create an independent body through which people can appeal controversial content decisions.

Comments

  • Reply 1 of 13
    larz2112 Posts: 291 member
    Facebook could potentially end up paying billions in U.S. fines as a result of these breaches.

    I would hope so. It is the only way these companies will learn, and hopefully put sufficient safeguards in place.
  • Reply 2 of 13
    cornchip Posts: 1,945 member
    larz2112 said:
    Facebook could potentially end up paying billions in U.S. fines as a result of these breaches.

    I would hope so. It is the only way these companies will learn, and hopefully put sufficient safeguards in place.

    But will they?
  • Reply 3 of 13
    larz2112 said:
    Facebook could potentially end up paying billions in U.S. fines as a result of these breaches.

    I would hope so. It is the only way these companies will learn, and hopefully put sufficient safeguards in place.
    I would prefer to see companies paying fines they would feel than send the executives to jail. The key is making it a large enough fine for the company to take notice and I have yet to see that happen.
  • Reply 4 of 13
    mystigo Posts: 183 member
    Amazon is very very unlikely to be to blame here. They provide cloud computing service to third-parties through Amazon Web Services. My company has switched to these services and is in the process of closing our physical data center operations.

    The services they offer are highly configurable. Companies using them are responsible for securing any content that needs securing; there are plenty of tools and methodologies available to do so.

    Facebook as an organization seems to be populated by a great many people that know only enough to be incredibly dangerous. How could *anyone* there not have given a second thought to storing unencrypted passwords on a public server or allowing said information to flow to third parties that would do the same. It just boggles the mind.
    edited April 2019
  • Reply 5 of 13
    larz2112 Posts: 291 member
    larz2112 said:
    Facebook could potentially end up paying billions in U.S. fines as a result of these breaches.

    I would hope so. It is the only way these companies will learn, and hopefully put sufficient safeguards in place.
    I would prefer to see companies paying fines they would feel than send the executives to jail. The key is making it a large enough fine for the company to take notice and I have yet to see that happen.
    The article says "potentially end up paying billions in U.S. fines". I would hope that would be enough of a financial penalty to motivate companies to make significant improvements. And sending a few executives to jail in addition to fines can't hurt, and potentially instill a bit more personal accountability into the equation. That being said, I am not holding my breath that either will happen.
  • Reply 6 of 13
    Johan42 Posts: 163 member
    larz2112 said:
    Facebook could potentially end up paying billions in U.S. fines as a result of these breaches.

    I would hope so. It is the only way these companies will learn, and hopefully put sufficient safeguards in place.
    I would prefer to see companies paying fines they would feel than send the executives to jail. The key is making it a large enough fine for the company to take notice and I have yet to see that happen.
    Paying fines AND sending them to jail would be the best approach.
  • Reply 7 of 13
    Carnage Posts: 91 member
    I hope Vestager comes for them.
  • Reply 8 of 13
    crowley Posts: 10,453 member
    Security researchers have uncovered multiple instances of Facebook user data being exposed publicly on Amazon cloud servers, though it's not immediately clear to what extent either company is to blame.
    Why would it be Amazon's fault?  They provide the platform, it's up to Facebook to configure it and not store unencrypted user data on it.
  • Reply 9 of 13
    StrangeDays Posts: 12,844 member
    larz2112 said:
    Facebook could potentially end up paying billions in U.S. fines as a result of these breaches.

    I would hope so. It is the only way these companies will learn, and hopefully put sufficient safeguards in place.
    I would prefer to see companies paying fines they would feel than send the executives to jail. The key is making it a large enough fine for the company to take notice and I have yet to see that happen.
    What's wrong with sending people to prison for breaking the law? We send poor people to prison for small crimes, why not send executives to prison for massive violations?
  • Reply 10 of 13
    larz2112 said:
    Facebook could potentially end up paying billions in U.S. fines as a result of these breaches.

    I would hope so. It is the only way these companies will learn, and hopefully put sufficient safeguards in place.
    I would prefer to see companies paying fines they would feel than send the executives to jail. The key is making it a large enough fine for the company to take notice and I have yet to see that happen.
    What's wrong with sending people to prison for breaking the law? We send poor people to prison for small crimes, why not send executives to prison for massive violations?
    Nothing, as long as the correct people are being sent to jail. Just saying "executives" doesn't cut it. Using Apple as the example, Tim Cook is always touting privacy with Apple products. So, if some engineer screws up and changes something or does something incorrectly that allows a data breach then Tim Cook should go to jail? How does that make sense? Who believes the "executives" are the ones that are actually securing the data? How many data centers does Apple have now (not counting services in use like AWS)? Shouldn't the people working at those data centers be the ones held responsible?

    And where does that end? Should we send Elon Musk to jail if the brakes fail on a Tesla and someone is killed? How many executives do you think would have a change of heart regarding services their company provides if they have to do jail time due to the mistake on someone else's part?
  • Reply 11 of 13
    geekmee Posts: 629 member
    Can you say? Cost of doing business 
  • Reply 12 of 13
    crowley Posts: 10,453 member
    larz2112 said:
    Facebook could potentially end up paying billions in U.S. fines as a result of these breaches.

    I would hope so. It is the only way these companies will learn, and hopefully put sufficient safeguards in place.
    I would prefer to see companies paying fines they would feel than send the executives to jail. The key is making it a large enough fine for the company to take notice and I have yet to see that happen.
    What's wrong with sending people to prison for breaking the law? We send poor people to prison for small crimes, why not send executives to prison for massive violations?
    Nothing, as long as the correct people are being sent to jail. Just saying "executives" doesn't cut it. Using Apple as the example, Tim Cook is always touting privacy with Apple products. So, if some engineer screws up and changes something or does something incorrectly that allows a data breach then Tim Cook should go to jail? How does that make sense? Who believes the "executives" are the ones that are actually securing the data? How many data centers does Apple have now (not counting services in use like AWS)? Shouldn't the people working at those data centers be the ones held responsible?

    And where does that end? Should we send Elon Musk to jail if the brakes fail on a Tesla and someone is killed? How many executives do you think would have a change of heart regarding services their company provides if they have to do jail time due to the mistake on someone else's part?
    The executives are ultimately in charge of quality assurance and testing.  One engineer making a mistake is an individual failing, but that mistake making its way into a production unit is a systematic failure, for which the boss is accountable.
    edited April 2019
  • Reply 13 of 13
    gatorguy Posts: 24,176 member
    crowley said:
    larz2112 said:
    Facebook could potentially end up paying billions in U.S. fines as a result of these breaches.

    I would hope so. It is the only way these companies will learn, and hopefully put sufficient safeguards in place.
    I would prefer to see companies paying fines they would feel than send the executives to jail. The key is making it a large enough fine for the company to take notice and I have yet to see that happen.
    What's wrong with sending people to prison for breaking the law? We send poor people to prison for small crimes, why not send executives to prison for massive violations?
    Nothing, as long as the correct people are being sent to jail. Just saying "executives" doesn't cut it. Using Apple as the example, Tim Cook is always touting privacy with Apple products. So, if some engineer screws up and changes something or does something incorrectly that allows a data breach then Tim Cook should go to jail? How does that make sense? Who believes the "executives" are the ones that are actually securing the data? How many data centers does Apple have now (not counting services in use like AWS)? Shouldn't the people working at those data centers be the ones held responsible?

    And where does that end? Should we send Elon Musk to jail if the brakes fail on a Tesla and someone is killed? How many executives do you think would have a change of heart regarding services their company provides if they have to do jail time due to the mistake on someone else's part?
    The executives are ultimately in charge of quality assurance and testing.  One engineer making a mistake is an individual failing, but that mistake making its way into a production unit is a systematic failure, for which the boss is accountable.
    Which explains why CEOs and executives get bonuses despite things that happen beneath them.
    Hey, wait a minute.... !