Researchers at security firm UpGuard found that the user data, which had been harvested from Facebook by third-party app developers, was sitting without any password protection on public Amazon servers it had been uploaded to. That data included sensitive information like users’ friends, likes, music, photos, events, interests, and check-ins. UpGuard’s findings were first reported by Bloomberg.
The researchers said the larger of the two data sets came from a Mexican media company called Cultura Colectiva. A 146GB data set with information like Facebook user activity, account names, and IDs were found that included more than 540 million records, the researchers said. A similar data set was also found for an app called “At the Pool.” While smaller, the latter included especially personal information, including 22,000 Facebook passwords, the researchers reported.