Trump said he doesn't see a recession after the bond market spooked investors and the Dow suffered its worst day of the year last week.Marketsread more
Americans now say they approve of free trade by 64%-27%, a margin of better than two to one. That's up from 57%-37% early in Trump's presidency, and 51%-41% near the end of...Politicsread more
Trump said Cook made a "good case" that it would be difficult for Apple to pay tariffs, when Samsung does not face the same hurdle because much of its manufacturing is in...Technologyread more
The yield on the benchmark 10-year Treasury note briefly fell below the 2-year rate on Wednesday, a phenomenon in the bond market known as yield curve inversion, which is...Marketsread more
"I don't want to do business at all because it is a national security threat," Trump told reporters.Technologyread more
Despite aggressive strides, Waymo needs one thing before their self-driving cars become a seriously useful transportation system: people. We talked to the ones closest to it.Technologyread more
Trump's is due to visit Copenhagen early next month, when the Arctic will be on the agenda in meetings.World Politicsread more
The MacBook Pro recall and its subsequent ban from flights underscores the increasing brand risk from problems with lithium-ion batteries.Technologyread more
Experts say the timing of Amazon executives' contributions to Rep. David Cicilline likely reflect the company's heightened urgency over growing regulatory scrutiny.Technologyread more
CNBC combed through Wall Street research to see which stocks are still a buy after their earnings reports.Marketsread more
Coinbase security chief Philip Martin explains, "Possession of a key is possession of your currency. What that means is that you can't revoke a cryptocurrency key, if that key...Technologyread more
The records were apparently stored there by Facebook partners, not by Facebook itself. Moreover, the data was not particularly sensitive -- for instance, it did not include financial information or Social Security Numbers, which could be used to facilitate identity theft, and which were exposed in the 2017 Equifax breach.
Nonetheless, the exposure highlights the fact that Facebook partners have been able to collect significant amounts of data through their own apps, and that these partners may not always have secured that information adequately. Facebook has faced a barrage of negative publicity over the last two years related to the way it and its partners collect, share and secure data that users store and share on the service.
Facebook stock dipped about 1 percent on the report and ended the day slightly negative. Amazon was off its session highs but still up about 0.4 percent by Wednesday's close.
UpGuard is a commercial firm that sells products for companies to prevent and detect data exposures.
The company said in a blog post that the data it found on Amazon's S3 service included over 540 million records with Facebook user information like comments, reactions and account names that appear to have been uploaded by Mexico-based media company Cultura Colectiva.
UpGuard said it found a database backup for a Facebook-integrated app called "At the Pool," which included passwords for that app, among other details. This database contained passwords for just 22,000 users, according to UpGuard. That app ceased operations in 2014, UpGuard said.
UpGuard did not find Facebook passwords.
The data was stored in unsecured portions of Amazon's cloud service that could easily be accessed by outsiders if they had the right information and knew where to look, UpGuard said.
"[AWS] S3 buckets usually have a name," said UpGuard's vice president of product Greg Pollock. "In this case, the names were Yeti DB and the other one was CC Data Lake. If you guessed those names and have access to a browser, that's how easy it is."
A Facebook spokesperson said the company is investigating the case, and added that UpGuard had not reached out to the company directly as far as she knew. The spokesperson claimed Facebook first became aware of the exposure when a Bloomberg reporter reached out about the story it planned to write on UpGuard's findings.
"Storing information you get from Facebook on insecure locations is specifically prohibited by our policies," Facebook told CNBC.
In a statement, Amazon noted that certain security safeguards of AWS can be overridden by customers, such as the app makers in this case:
AWS customers own and fully control their data. When we receive an abuse report concerning content that is not clearly illegal or otherwise prohibited, we notify the customer in question and ask that they take appropriate action, which is what happened here. While Amazon S3 is secure by default, we offer the flexibility to change our default configurations to suit the many use cases in which broader access is required, such as building a website or hosting publicly downloadable content. As is the case on premises or anywhere else, application builders must ensure that changes they make to access configurations are protecting access as intended.
Cultura Colectiva said it was "concerned about the privacy and security" of its users' data. The company also said in its statement:
The UpGuard Cyber Risk team revealed that some of our datasets containing publicly available data were exposed, which included 540 million interactions such as likes, comments, and reactions. However, neither sensitive nor private data, like emails or passwords, were amongst those because we do not have access to that kind of data, so we did not put our users' privacy and security at risk. We are aware of the potential uses of data in current times, so we have reinforced our security measures to protect the data and privacy of our Facebook fanpages' users.