SAN FRANCISCO — Security researchers have uncovered more instances of Facebook user data being publicly exposed on the internet, further underscoring its struggles as it deals with a slew of privacy and other problems.
The researchers from the firm UpGuard said in a blog post Wednesday that the data, which included user names and passwords, came from two different Facebook apps that stored their data publicly on Amazon’s cloud services. Facebook said the databases have been taken down.
But the episode illustrates Facebook’s issues with controlling its users’ data, especially once it is in the hands of third-party developers.
The databases were from a Mexico-based media company called Cultura Colectiva, which included more than 540 million records — like user comments and likes — and from an app called At the Pool. The researchers said passwords stored for At the Pool were “presumably” for the app and not for Facebook. Still, storing them publicly could put people at risk if they used the same passwords across different accounts.
While the At the Pool data collection was not as large as that for Cultura Colectiva, UpGuard said it included plain text passwords for 22,000 users. The app itself shut down in 2014, and UpGuard said it is not known how long the user details were exposed.
The discovery comes a little over a year after Facebook’s Cambridge Analytica scandal , in which the data mining firm affiliated with Donald Trump got personal data on millions of Facebook users.
“As Facebook faces scrutiny over its data stewardship practices, they have made efforts to reduce third party access. But as these exposures show, the data genie cannot be put back in the bottle,” UpGuard wrote in its blog post. “Data about Facebook users has been spread far beyond the bounds of what Facebook can control today.”