Skip to main content
  1. Home
  2. Computing
  3. News

In latest blow to Facebook, 540 million user records exposed by third-party apps

By
Add as a preferred source on Google
Image used with permission by copyright holder

In the latest privacy blow for Facebook, the information of up to 540 million users — including passwords, comments, likes, and Facebook IDs — were left by app developers on publicly visible Amazon cloud servers. That’s according to a report from the security firm UpGuard, which initially discovered the two datasets of Facebook user information.

Though the information on the servers was eventually removed once Facebook was contacted, it is not known how long the data was available to the public — or who may have accessed it. According to UpGuard, there are two specific data sets that contained user information. One set which comes from the Mexican media company, Cultra Collectiva, weighed in at 146GB and contained the personal information of 540 million Facebook users. The second data set, which traces back to a Facebook app going by the name of “At the Pool,” was also found in a public Amazon S3 server. This data set is smaller than Cultra Collectiva’s but contained the passwords for 22,000 users. It also contained sensitive information such as Facebook likes and check-ins.

Recommended Videos

“The data sets vary in when they were last updated, the data points present, and the number of unique individuals in each. What ties them together is that they both contain data about Facebook users, describing their interests, relationships, and interactions, that were available to third-party developers,” UpGuard said.

Facebook and Amazon worked to take down databases, but not before the damage was done. “Facebook’s policies prohibit storing Facebook information in a public database. Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people’s data,” said Facebook in a statement.

Though there remains the possibility that these app developers could have inadvertently placed the information on public servers, it serves as a reminder that Facebook data is not always private. Previously, in December 2018, an API bug exposed the private photos of up to 6.8 million Facebook users to third-party apps. Facebook had also faced criticism following the fallout of the Cambridge Analytica scandal and promised to reduce the number of apps that have access to user data.

Arif Bacchus
Arif Bacchus
Former Computing Writer
Arif Bacchus is a native New Yorker and a fan of all things technology. Arif works as a freelance writer at Digital Trends…
Topics
Razer’s new Blade 18 gets Arrow Lake refresh and a modest $3,999.99 starting price
For $3,999.99, you get the base model with Nvidia RTX 5070 Ti. A 5090 variant is available, too.
Razer Blade 18.

Razer has officially unveiled the 2026 Blade 18 today, and at the heart of all three configurations is an Intel Arrow Lake processor. 

I’m talking about the Core Ultra 9 290HX Plus, which features 24 cores, up to 5.5GHz clock speed (with boost), 36MB cache, and an onboard NPU that delivers up to 13 TOPS of compute power. 

Read more
Windows 11 will clean up its own driver mess so you don’t have to
Say goodbye to the nightmare of hunting down broken drivers after a bad Windows update.
Surface laptop on wooden table

It seems that Microsoft is keeping up its promise of making Windows 11 better. After introducing a new low-latency mode that speeds up app launches and an update that fixes the RAM memory leak issue, the tech giant is testing a new feature that addresses one of its most prominent problems. 

The new feature is called Cloud-Initiated Driver Recovery, and it can automatically roll back a broken driver that was pushed to your PC through Windows Update. 

Read more
After flubbing with Siri, Apple plans to host AI agents on the App Store
One problem is about money Apple won't commit to not charging. The other is about AI agents Apple can't figure out how to control. WWDC needs to solve both.
Electronics, Mobile Phone, Phone

Apple is currently facing a Siri problem that has nothing to do with Siri at all. With WWDC 2026 just weeks away, The Information reports the company is actively courting developers to integrate their apps with the new Siri coming in iOS 27. 

The mechanism powering the overhauled Siri, App Intents, is an API that lets Siri execute actions inside third-party apps without you actively opening them, which sounds quite useful, I’d say. However, some of the world’s largest developers are dragging their feet on it, not because it’s tough, but because Apple left the door open on charging for it later.

Read more