As company executives try to rebrand Facebook as a privacy company, the company is still apparently struggling to instill a privacy culture internally and with third-party developers. As Kevin Poulson of the Daily Beast reported on April 2, some new Facebook users were being asked to provide both their email address and their email password in order to register accounts.
And in a blog post today, researchers from the cloud security firm UpGuard reported that they had discovered two publicly accessible caches of Facebook user data created by third-party applications that connected to the Facebook platform. Both caches were hosted by Amazon Web Services’ Simple Storage Service (S3) in the AWS public cloud.
The email password practice was first noticed by a software developer and information security expert who goes by the handle “e-sushi”: