Security researchers reported today that they found data 540 million Facebook users, on Amazon's cloud servers.
Security researchers from the team UpGuard Cyber Risk, reported today that they found a total of 146GB data on Amazon's cloud servers, split into two large pieces. The first piece of data comes from a media company called Cultura Colectiva and contains records of user activity such as comments, reactions, friends, interests, groups, checkins, events, photos and more, as well as account names and identifiers Facebook.
The second piece of the leak appears to be a backup from a third-party Facebook-embedded app called “At the Pool,” which included the same content as the previous piece plus codeof user access. However, the researchers said the passwords appeared to come from the At the Pool app, rather than the Facebook accounts.
But users have used the same passwords on two their accounts, i.e. Facebook and the “At the Pool” app, are at risk of losing their accounts. The researchers also said the data has been removed after contacting Facebook.
The At the Pool app was discontinued in 2014, and the company's website currently returns a notice error404. This means that exposed names, passwords, email addresses, Facebook IDs and other details were open to any attacker for an unknown period of time.
Therefore, the security company recommends to all Facebook users, especially those who have used the application "At the Pool", to immediately change their passwords. Just a few weeks ago, engineers Facebok discovered that user names and passwords of hundreds of millions of users were kept as plain text on one of their servers and accessible to thousands of employees.