Security researchers have uncovered multiple instances of Facebook user data being exposed publicly on Amazon cloud servers, though it's not immediately clear to what extent either company is to blame.
One Mexican business, Cultura Colectiva, was found to be openly storing 540 million Facebook records including ID numbers, comments, reactions, and account names, according to security firm UpGuard. The database was shuttered on Wednesday, but only after Bloomberg contacted Facebook, which in turn spoke to Amazon.
In another example, a server was found with names, passwords, and email addresses for some 22,000 people, associated with defunct app called "At the Pool." UpGuard warned that it didn't know how long that data had been exposed, as access closed in the middle of an investigation.
Even if Facebook isn't directly to blame, the situation may only compound pressure on the social network in the wake of multiple privacy scandals. These include data sharing deals with companies like Apple, Amazon, Microsoft, and Sony, plus people being able to look up strangers based on phone numbers submitted for two-factor authentication. By far the biggest though is Cambridge Analytica, which has attracted investigations by the U.S. and U.K. over voter data collected without most users' consent. In late March Facebook was found keeping "hundreds of millions" of unencrypted passwords on internal servers.
Facebook could potentially end up paying billions in U.S. fines as a result of these breaches.
Earlier this month, CEO Mark Zuckerberg called for new privacy and electoral integrity legislation, further pledging to create an independent body through which people can appeal controversial content decisions.