The report from UpGuard comes nearly a year after revelations that Cambridge Analytica, a political consultancy, improperly accessed the personal data of 87 million Facebook users with the aid of a quiz app.
What's Facebook doing about it?
Upguard apparently tried to contact Cultura Colectiva, with no response.
By far the larger of the two comes from Mexico-based media company Cultura Colectiva.
The second AWS server stored data recorded by the "At the Pool" Facebook game.
In response to public concern for privacy, Facebook started an audit of thousands of apps and suspended hundreds of them past year to ensure information was not stored unsecured in public databases. "We are committed to working with the developers on our platform to protect people's data", the spokesperson added.
How much data do these buckets contain?
Cultura Colectiva was quoted by Reuters as saying in a statement that all of its Facebook records came from user interactions with its three pages on Facebook and is the same information publicly accessible to anyone browsing those pages. The smaller dataset was taken offline during UpGuard's investigation. Plaintext passwords were included, but they weren't Facebook passwords. "But as these exposures show, the data genie can not be put back in the bottle", UpGuard wrote in its blog post. "Combine that plenitude of personal data with storage technologies that are often misconfigured for public access, and the result is a long tail of data about Facebook users that continues to leak".More news: Brexit: Theresa May offers cross-party talks to break deadlock
More news: Zidane praise for Man Utd’s Pogba opens door to Real bid
More news: Fernando Alonso - Bahrain test not a precursor to full F1 comeback
Well, it's hard to say.
"Too many organisations are using poor hygiene when storing passwords and other sensitive information", said Stephen Cox, Chief Security Architect at SecureAuth. Once your data is out there, there's really no getting it back.
According to UpGuard, all information found was collected by two applications, Collective Culture and At the Pool.
Still, UpGuard's findings reveal how Facebook partners collect massive amounts of data with their own apps.
Cultura Colectiva is a digital platform that posts stories about celebrities and culture and largely targets a Latin American audience. So reports UpGuard, a cybersecurity risk assessment company, which notes in an April 3 press release that the two data sets in question were configured for public download.
UpGuard sells products for companies to prevent and detect data exposures.
First the Cambridge Analytica saga, then the security flaw that allowed hackers to access 50 million Facebook accounts... and now this. We also asked the company how it intends to prevent this kind of third-party app privacy failure in the future.