Facebook Exposes User Data Through Unprotected AWS S3 Buckets

Two repositories of unprotected Facebook user data sitting in Amazon S3 buckets have been discovered. More than 540 million files with personal data were exposed, potentially leaking hundreds of millions of records about users, including their names, passwords, comments, interests, and likes. The data sets had been uploaded to Amazon’s cloud system by two different Facebook app developers.

This poses another security set-back for the social networking giant, especially on the heels of last year’s Cambridge Analytica scandal, where tens of millions of Facebook users’ data was exposed through a third-party app on the Facebook platform.

While Facebook is scrambling to make sense of what has happened, Lacework offers some insight and perspective on how this happened, along with prescriptive advice for S3 bucket security best practices.