In the latest incident highlighting Facebook’s apparently casual approach to mass data collection, the company has once again been caught on the wrong foot.
Personal data of millions of Facebook users was found lying on public servers, according to a report released on Wednesday by California-headquartered cybersecurity firm UpGuard.
Cyber experts say it looks like Facebook does not have enforced guidelines when it comes to how its partners handle cybersecurity.
"Seems like every other week a security issue is discovered in the Facebook ecosystem," Renaud Deraison, co-founder and CTO of cyber exposure specialists Tenable, told The National.
"Facebook is giving third-party app developers access to user data. That means the company’s massive trove of data is in the hands of potentially thousands of third parties all over the world," Mr Renaud said.
Two third-party Facebook app developers - Mexico-based digital media company Cultura Colectiva and California-based app maker At The Pool - had stored the data on Amazon's public servers and it was accessible and could be downloaded by the public, said the report.
The data included confidential information related to Facebook users’ passwords, comments, account names, "likes" and recent activities. There were over 540 million individual records of personal data.
The discovery shows that a year after the Cambridge Analytica scandal exposed how unsecure and widely disseminated Facebook users’ information is online, companies that control that information at every step still haven’t done enough to seal up private data.
"App developers are focused mainly on bringing new offerings to market quickly - it's what consumers have come to expect. It looks like Facebook doesn't have enforced guidelines when it comes to how its partners handle cybersecurity," Mr Renaud told The National.
"As long as cybersecurity remains an afterthought in the digital economy, we'll continue to see these kinds of easily preventable data leaks."
UpGuard said one of the companies stored 146 gigabytes of data but the exact number of users whose data was included is not yet clear.
Security researcher Chris Vickery, who discovered the millions of records from Facebook users sitting unsecured on a public database, said he tried for weeks to get Amazon.com, owner of the servers where the data were stored, to take it down.
“We’re looking into the situation and assessing any extra steps we can take,” came the response from Amazon security staff on February 21 - three weeks after Mr Vickery initially brought the data exposure to Amazon’s attention - according to Bloomberg.
“Companies like Amazon Web Services push a narrative of a shared responsibility model, where they’re responsible for the hardware,” he said. “And then it’s up to the ones who are paying to store the data to correctly configure their storage instances to make sure anyone on the internet can’t access it.”
Facebook said it worked with Amazon to take down the database. It’s unclear whether Amazon pulled the plug itself, or persuaded Cultura Colectiva to take the files offline.
500 People from Gaza enter France
115 Special programme for artists
25 Evacuation of injured and sick
The specs
Engine: 6.2-litre V8
Power: 502hp at 7,600rpm
Torque: 637Nm at 5,150rpm
Transmission: 8-speed dual-clutch auto
Price: from Dh317,671
On sale: now
Pathaan
%3Cp%3E%3Cstrong%3EDirector%3A%3C%2Fstrong%3E%20Siddharth%20Anand%C2%A0%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EStars%3A%3C%2Fstrong%3E%20Shah%20Rukh%20Khan%2C%20Deepika%20Padukone%2C%20John%20Abraham%C2%A0%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3ERating%3A%3C%2Fstrong%3E%203%2F5%3C%2Fp%3E%0A
The Indoor Cricket World Cup
When: September 16-23
Where: Insportz, Dubai
Indoor cricket World Cup:
Insportz, Dubai, September 16-23
UAE fixtures:
Men
Saturday, September 16 – 1.45pm, v New Zealand
Sunday, September 17 – 10.30am, v Australia; 3.45pm, v South Africa
Monday, September 18 – 2pm, v England; 7.15pm, v India
Tuesday, September 19 – 12.15pm, v Singapore; 5.30pm, v Sri Lanka
Thursday, September 21 – 2pm v Malaysia
Friday, September 22 – 3.30pm, semi-final
Saturday, September 23 – 3pm, grand final
Women
Saturday, September 16 – 5.15pm, v Australia
Sunday, September 17 – 2pm, v South Africa; 7.15pm, v New Zealand
Monday, September 18 – 5.30pm, v England
Tuesday, September 19 – 10.30am, v New Zealand; 3.45pm, v South Africa
Thursday, September 21 – 12.15pm, v Australia
Friday, September 22 – 1.30pm, semi-final
Saturday, September 23 – 1pm, grand final
Pari
Produced by: Clean Slate Films (Anushka Sharma, Karnesh Sharma) & KriArj Entertainment
Director: Prosit Roy
Starring: Anushka Sharma, Parambrata Chattopadhyay, Ritabhari Chakraborty, Rajat Kapoor, Mansi Multani
Three stars
Cryopreservation: A timeline
- Keyhole surgery under general anaesthetic
- Ovarian tissue surgically removed
- Tissue processed in a high-tech facility
- Tissue re-implanted at a time of the patient’s choosing
- Full hormone production regained within 4-6 months
Three tips from La Perle's performers
1 The kind of water athletes drink is important. Gwilym Hooson, a 28-year-old British performer who is currently recovering from knee surgery, found that out when the company was still in Studio City, training for 12 hours a day. “The physio team was like: ‘Why is everyone getting cramps?’ And then they realised we had to add salt and sugar to the water,” he says.
2 A little chocolate is a good thing. “It’s emergency energy,” says Craig Paul Smith, La Perle’s head coach and former Cirque du Soleil performer, gesturing to an almost-empty open box of mini chocolate bars on his desk backstage.
3 Take chances, says Young, who has worked all over the world, including most recently at Dragone’s show in China. “Every time we go out of our comfort zone, we learn a lot about ourselves,” she says.
Dhadak 2
Director: Shazia Iqbal
Starring: Siddhant Chaturvedi, Triptii Dimri
Rating: 1/5
Killing of Qassem Suleimani
What the law says
Micro-retirement is not a recognised concept or employment status under Federal Decree Law No. 33 of 2021 on the Regulation of Labour Relations (as amended) (UAE Labour Law). As such, it reflects a voluntary work-life balance practice, rather than a recognised legal employment category, according to Dilini Loku, senior associate for law firm Gateley Middle East.
“Some companies may offer formal sabbatical policies or career break programmes; however, beyond such arrangements, there is no automatic right or statutory entitlement to extended breaks,” she explains.
“Any leave taken beyond statutory entitlements, such as annual leave, is typically regarded as unpaid leave in accordance with Article 33 of the UAE Labour Law. While employees may legally take unpaid leave, such requests are subject to the employer’s discretion and require approval.”
If an employee resigns to pursue micro-retirement, the employment contract is terminated, and the employer is under no legal obligation to rehire the employee in the future unless specific contractual agreements are in place (such as return-to-work arrangements), which are generally uncommon, Ms Loku adds.
UAE currency: the story behind the money in your pockets
KILLING OF QASSEM SULEIMANI
