More than 540 million records of Facebook users were exposed by publicly accessible Amazon S3 buckets used by two third-party apps to store user data such as plain text app passwords, account names, user IDs, interests, relationship status, and more.
As discovered by the UpGuard Cyber Risk team, Mexico-based media company
Cultura Colectiva stored the records of roughly 540 million of its users within a 146 GB database called "cc-datalake," stored in a misconfigured Amazon S3 bucket which gave anyone download permissions.
This huge collection of Facebook records contained "comments, likes, reactions, account names, FB IDs and more," allowing Cultura Colectiva to "to tune an algorithm for predicting which future content will generate the most traffic."
... ...