Former Foreign Minister Boris Johnson is seen as the bookmaker's favorite to succeed outgoing Prime Minister Theresa May.Europe Politicsread more
J.P. Morgan economists said they now see a much slower economy in the second quarter, with growth of just 1%.Market Insiderread more
The combination of mounting recession fears, bets on a more cautious Fed and a regular uptick in market volatility could spell more losses, writes Nomura.Marketsread more
An analyst for Ark Invest, which has a major investment in Tesla, says recent drastic price-target cuts by others on Wall Street are missing the big picture.Investingread more
Rep. Chip Roy, R-Texas, has objected to a $19.1 billion disaster relief bill that was expected to pass unanimously Friday. The bill is likely to next be considered when...Politicsread more
If consummated, the deal would mark the latest in a flurry of activity in the payment technology space.Banksread more
The markets have been slow to recognize the high-stakes game that's playing out on the world stage.Economyread more
An altered video of House Speaker Nancy Pelosi made rounds on social media this week, which critics used to attack her mental state.Technologyread more
Stocks were headed for weekly losses on Friday as investors worry the U.S.-China trade war is hurting economic growth.US Marketsread more
One of the biggest Chinese chipmakers is delisting from the New York Stock Exchange amid the trade war, but the company said the decision is not related to the intensifying...Marketsread more
President Donald Trump, his businesses and members of his family on Friday appealed a federal judge's decision that Deutsche Bank and Capital One can turn over years of...Politicsread more
The records were apparently stored there by Facebook partners, not by Facebook itself. Moreover, the data was not particularly sensitive -- for instance, it did not include financial information or Social Security Numbers, which could be used to facilitate identity theft, and which were exposed in the 2017 Equifax breach.
Nonetheless, the exposure highlights the fact that Facebook partners have been able to collect significant amounts of data through their own apps, and that these partners may not always have secured that information adequately. Facebook has faced a barrage of negative publicity over the last two years related to the way it and its partners collect, share and secure data that users store and share on the service.
Facebook stock dipped about 1 percent on the report and ended the day slightly negative. Amazon was off its session highs but still up about 0.4 percent by Wednesday's close.
UpGuard is a commercial firm that sells products for companies to prevent and detect data exposures.
The company said in a blog post that the data it found on Amazon's S3 service included over 540 million records with Facebook user information like comments, reactions and account names that appear to have been uploaded by Mexico-based media company Cultura Colectiva.
UpGuard said it found a database backup for a Facebook-integrated app called "At the Pool," which included passwords for that app, among other details. This database contained passwords for just 22,000 users, according to UpGuard. That app ceased operations in 2014, UpGuard said.
UpGuard did not find Facebook passwords.
The data was stored in unsecured portions of Amazon's cloud service that could easily be accessed by outsiders if they had the right information and knew where to look, UpGuard said.
"[AWS] S3 buckets usually have a name," said UpGuard's vice president of product Greg Pollock. "In this case, the names were Yeti DB and the other one was CC Data Lake. If you guessed those names and have access to a browser, that's how easy it is."
A Facebook spokesperson said the company is investigating the case, and added that UpGuard had not reached out to the company directly as far as she knew. The spokesperson claimed Facebook first became aware of the exposure when a Bloomberg reporter reached out about the story it planned to write on UpGuard's findings.
"Storing information you get from Facebook on insecure locations is specifically prohibited by our policies," Facebook told CNBC.
In a statement, Amazon noted that certain security safeguards of AWS can be overridden by customers, such as the app makers in this case:
AWS customers own and fully control their data. When we receive an abuse report concerning content that is not clearly illegal or otherwise prohibited, we notify the customer in question and ask that they take appropriate action, which is what happened here. While Amazon S3 is secure by default, we offer the flexibility to change our default configurations to suit the many use cases in which broader access is required, such as building a website or hosting publicly downloadable content. As is the case on premises or anywhere else, application builders must ensure that changes they make to access configurations are protecting access as intended.
Cultura Colectiva said it was "concerned about the privacy and security" of its users' data. The company also said in its statement:
The UpGuard Cyber Risk team revealed that some of our datasets containing publicly available data were exposed, which included 540 million interactions such as likes, comments, and reactions. However, neither sensitive nor private data, like emails or passwords, were amongst those because we do not have access to that kind of data, so we did not put our users' privacy and security at risk. We are aware of the potential uses of data in current times, so we have reinforced our security measures to protect the data and privacy of our Facebook fanpages' users.