In the latest incident, cybersecurity firm UpGuard 'discovered' that 2 cache of Facebook user data sitting on Amazon’s servers were unprotected, exposing hundreds of millions of records about users, including their names, passwords, comments, interests, and likes. The data sets had been uploaded to Amazon’s cloud system by two different Facebook app developers.
This incident shows again and again, that Facebook really has no control over data that it shares with 3rd parties and how it ends up or how securely it’s stored. Post the issue with Cambridge Analytica, Facebook vowed to crack down on data access and to audit application developers that have ever had access to mass quantities of data.
This latest revelation really rankles and the question now being popped up is - did Facebook implement any of the steps they announced post Cambridge Analytica and if yes, what were the measures taken? Or the measures announced were just to please the public and users alike with no serious attempts being made to implement what they publicly announced?
Facebook's conduct in this raised a lot of questions. In this latest revelation, UpGuard claimed it alerted Facebook in January 2019 but received no response. With the no response, UpGuard alerted the cloud provider, Amazon who in turn alerted the 3rd party whose database was exposed by the cybersecurity firm. Only on 3rd April 2019, was the database secured.
With this latest revelation, it looks like Parliamentarians in the UK were justified when in a UK parliamentary report that calls for FB to be regulated, it labeled Facebook and its executives as "digital gangsters". The 180-page document concludes that Facebook wilfully broke data privacy and competition laws.