Cultura Colectiva cached data of 540 million Facebook users on Amazon web servers

cultura colectiva cached data of 540 million facebook users on amazon web servers
cultura colectiva cached data of 540 million facebook users on amazon web servers

Contxto – It’s that time of year again, folks! Sources are accusing Facebook of inappropriately sharing users’ data with third parties. This time around, Mexican startup Cultura Colectiva is the protagonist in the biggest data breach scandal since last year’s Cambridge Analytica fuss.

In summary

Buzzfeed-like media startup, Cultura Colectiva, finds itself in hot water after Upguard, the multinational cybersecurity firm, unearthed its dirty laundry.

Upguard released a publication earlier this week claiming that the Mexico City-based startup stored Facebook user data on public servers without any protections. In theory, anyone could have downloaded the unprotected database weighing over 146 gigabytes of text on Amazon’s S3 bucket.


We’re talking about 540 million Facebook users with exposed information free for the taking. Everything from user names, Facebook IDs, likes, comments and reactions practically became public knowledge.

That’s like the cyberspace equivalent of going apple picking – just pick and choose what data you’d like to harvest!

Source: Upguard

On top of that, the former California-based company “At The Pool” allegedly kept even more private data involing friend lists, interests, group affiliations, etc.

It doesn’t matter that this past company accessed only 22 million accounts, less than Cultura Colectiva. The fact that sensitive private data could be so irresponsibly handled makes the case even worse.

Source: Upguard

Cultura Colectiva issued a statement a few hours after Upguard published its article. Within the correspondence, the company claimed that the data wasn’t sensitive and meant for an “enhanced user experience.” Regardless, they miserably failed to explain why they didn’t just store the data on a secure private server.

Presumably, Upguard attempted to contact Cultura Colectiva twice to warn the firm about this issue. In the end, no response. They even tried to contact Amazon without any relevant actions taken, either.

Allegedly, Facebook wasn’t aware of this until a Bloomberg representative notified the tech giant about the data breach earlier this week, according to TechCrunch. The databases were no longer available as of yesterday morning.

Interestingly enough, this is not the first time Upguard tried to warn Facebook about the potentially detrimental consequences of its data strategy. But as TNW says: “The data genie cannot be put back in the bottle,” and with much reason.


So, I’ve been reading tweets from people justifying Cultura Colectiva. Apparently, some defend the company since “they use the data to feed their algorithm.”

I respect technological improvements, but at what cost? How could the company be so careless in leaving such valuable information on a public server?

“Each of the data sets was stored in its own Amazon S3 bucket configured to allow public download of files.”


These issues make me wonder how much of our personal info is actually available for anyone to see. With this scandal, now it seems like anyone who knows a thing or two about gadgets or computers has the liberty to access our information. Where’s the accountability?


Scaling a startup or scouting for your next deal?
We help you get there faster.