Two third-party Facebook app developers - Mexico-based digital media company Cultura Colectiva and California-based app maker At The Pool - had stored the data on Amazon's public servers and it was accessible and could be downloaded by the public, said the report.
According to the researchers from UpGuard, the larger of the two data sets came from a Mexican media company called Cultura Colectiva.
After a series of inadvertent exposures of information stored on AWS's Simple Storage Service in recent years, the company made it more hard for its customers to make data public facing in the first place, peppering the service with warning notices when something is exposed, and giving administrators easier options to shut down open databases.
Facebook has reacted quickly to the discovery of public databases containing data on 540 million of its users on a cloud server.
Although the volume of data was much smaller, it still contained 22,000 plain text passwords for the app, which could put users at risk if they reuse credentials across multiple sites. This shows that there have been little efforts from Facebook in ensuring foolproof security of the data that it extracts from its users.More news: Saudi Arabia bought off Jamal Khashoggi children with multi-million dollar gifts
More news: Candace Cameron Bure Broke Silence on Lori Loughlin College Admissions Scandal
More news: Chelsea's Hudson-Odoi to get first Premier League start this week - Sarri
UpGuard said one of the companies stored 146 gigabytes of data but the exact number of users whose data was included is not yet clear.
That's the takeaway from the latest story of Facebook's reckless data sharing. UpGuard's cyber risk research director Chris Vickery noted that it is high time user data is given its due respect and protection.
Redacted example of Facebook data from the exposed At the Pool dataset.
"The public doesn't realize yet that these high-level systems administrators and developers, the people that are custodians of this data, they are being either risky or lazy or cutting corners. In general, we work with developers to make sure that they're respecting people's information and using it only in ways that they want".
Unlike the 2017 Equifax breach, financial details and Social Security numbers were left out. In each case, the Facebook platform facilitated the collection of data about individuals and its transfer to third parties, who became responsible for its security.
"They just don't want to start a precedent of them meddling with the data", Vickery said, back when he was having trouble getting Amazon to take it down.