A vast collection of data on Facebook users was exposed to the public until recently on Amazon’s cloud computing servers, researchers have found.
Two third-party Facebook app developers were found to have stored user data on Amazon’s servers in a way that allowed it to be downloaded by the public, according to a report from UpGuard, a cybersecurity firm.
One of the companies stored 146 gigabytes of data containing more than 540 million records, including comments, likes, reactions and account names, on the Amazon servers, according to UpGuard. The number of users whose data was included is not yet clear.
Another app is said to have stored unprotected Facebook passwords for 22,000 users.
Chris Vickery, the director of cyber risk research at UpGuard, told CNN Business that the find “highlights a problem that is intrinsic with mass data collection.”
Vickery said that the data appeared to have been gathered through a Facebook integration. Facebook allows third party developers to integrate apps and websites with its platform to allow for functionality like signing into a service using Facebook.
Facebook has “no way of guaranteeing the safe storage of the data of their end users if they are going to allow app developers to harvest it in mass,” Vickery said.
In a statement provided to CNN Business, a Facebook spokesperson said, “Facebook’s policies prohibit storing Facebook information in a public database. Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people’s data.”
Representatives for Amazon did not immediately respond to a request for comment.
Bloomberg was first to report the news.
The new finding is the latest to highlight Facebook’s struggle to protect the data collected from its more than 2 billion users. It may only increase scrutiny on the company after a year of data privacy scandals.
Last March, news broke that Cambridge Analytica, a data firm with ties to Donald Trump’s presidential campaign, accessed information from as many as 87 million Facebook users without their knowledge.
Facebook has said the data was initially collected by a professor for academic purposes in line with its rules. The information was later transferred to third parties, including Cambridge Analytica, in violation of Facebook’s policies, Facebook has said.
Since then, Facebook has come under scrutiny for offering more of its users’ data to companies than it had previously admitted. Last year, the company also revealed that attackers exploited a bug on the platform to expose the information of nearly 50 million users.
Politicians on both sides of the Atlantic have sharply criticized the company’s data privacy practices. The U.S. Federal Trade Commission is said to be looking to levy a record fine against the company for violating an earlier data privacy agreement. In October, UK authorities hit Facebook with a £500,000 fine, the maximum possible, over the Cambridge Analytica scandal.