Facebook user data is still showing up in places it shouldn't.
Researchers at UpGuard,a cybersecurity firm,found troves of user information hiding in plain sight,无意中发布在亚马逊公司的云计算服务器上。The discovery shows that a year after the Cambridge Analytica scandal exposed how unsecure and widely disseminated Facebook users' information is online,companies that control that information at every step still haven't done enough to seal up private data.
在一个例子中，Mexico City-based digital platform Cultura Colectiva,openly stored 540 million records on Facebook users,including identification numbers,评论，reactions and account names.The records were accessible and downloadable for anyone who could find them online.该数据库周三关闭，此前彭博社通知Facebook该问题，Facebook联系了亚马逊。彭博社新闻报道后，Facebook股价下跌。
另一个长期失效的应用程序的数据库在池中列出了名称，22000人的密码和电子邮件地址。UpGuard doesn't know how long they were exposed,as the database became inaccessible while the company was looking into it.
脸谱网公司多年来与第三方开发者免费分享此类信息，在最近镇压之前。The problem of accidental public storage could be more extensive than those two instances.upguard发现了10万个开放的亚马逊托管的各种数据数据库，它所期望的其中一些不应该是公开的。
"The public doesn't realize yet that these high-level systems administrators and developers,the people that are custodians of this data,他们要么是冒险，要么是懒惰，要么是偷工减料，”克里斯·维克利说，网络风险研究总监。“对大数据安全方面的关注不够。”
Facebook for many years allowed anyone making an app on its site to obtain information on the people using the app,以及那些用户的朋友。Once the data is out of Facebook's hands,the developers can do whatever they want with it.
去年，Facebook started an audit of thousands of apps and suspended hundreds until they could make sure they weren't mishandling user data.Facebook now offers rewards for researchers who find problems with its third-party apps.
在Cultura Colevita数据集中，总共146千兆字节，研究人员很难知道有多少Facebook用户受到了影响。UpGuard also had trouble working to get the database closed.该公司在数月内给CulturaColevita和亚马逊发送电子邮件，提醒他们注意这个问题。It wasn't until Facebook contacted Amazon that the leak was addressed.CulturaColevita没有回应彭博社的置评请求。
This latest example shows how the data security issues can be amplified by another trend: the transition many companies have made from running operations predominantly in their own data centers to cloud-computing services operated by Amazon,微软公司Alphabet Inc.'s Google and others.
Those tech giants have built multibillion-dollar businesses by making it easy for companies to run applications and store troves of data,从公司文件到员工信息，on remote servers.
类似亚马逊网络服务的简单存储服务，基本上是一个可以上网的硬盘，offer clients the choice of whether to make the data visible to just the person who uploaded it,other members of their company,or anyone online.Sometimes,that information is designed to be public-facing,as in the case of a cache of photos or other images stored for use on a corporate website.
其他时间，it isn't.近年来，information stored on several cloud services -- U.S.军事数据，personal information of newspaper subscribers and cell phone users -- has been inadvertently shared publicly online and discovered by security researchers.
亚马逊在过去两年里已经加强了防止客户暴露敏感材料的协议，adding prominent warning notices,making tools for administrators to more simply turn off all public facing items,并且提供免费的服务，以前是一个付费附加组件，用于检查客户的帐户是否有暴露的数据。
科里·奎因说：“起初我会把很多东西放在自动焊接系统上。who advises businesses that use Amazon's cloud at the Duckbill Group,咨询公司But since Amazon has taken steps to address the issue,companies like Cultura should be aware,他说。"With all of this in the news,and all of this continuing to come out,if you're still opening AWS buckets [to the public],you're not paying attention."
亚马逊并不是唯一一家定期被私人记录错误公开的公司。但在出售租用的数据存储和计算能力方面，它有着广泛的领先地位，putting a spotlight on Seattle-based company's practices.亚马逊网站服务发言人拒绝置评。