The records were removed yesterday, but it’s yet another example of Facebook users’ data being mishandled. And it’s not even the only Facebook data scandal this week.

The sources: The data came from two apps, both of which were able to access Facebook data on users and their friends under rules that Facebook says it has since tightened up. One, a Mexican digital publisher called Cultura Colectiva, openly stored 540 million records, including comments, names, likes, and reactions to posts, in a publicly accessible database hosted by Amazon Web Services. The other was a now-defunct app called At the Pool, aimed at introducing you to potential new friends. It listed names, passwords, and e-mail addresses for 22,000 people. UpGuard, the Australian security firm that discovered the records, said it couldn’t tell how long the data had been exposed. Both databases were closed after Facebook notified Amazon, according to Bloomberg.

A reminder: This is just one of many Facebook data breaches revealed in the last year. It stems from Facebook’s willingness in previous years to hand over masses of data to third-party developers, a practice that got it into serious trouble in the case of Cambridge Analytica. It insists it’s tightened up data security since. But it raises a question: How much Facebook user data is still floating about, potentially in unsecure servers? There’s no way to tell, so don’t be surprised if this specific issue recurs (as it has done repeatedly so far).

Security headaches: Just yesterday Facebook was forced to stop asking users for their e-mail passwords to verify new accounts, after criticism that it’s poor practice to do so. And last month it turned out Facebook had been storing hundreds of millions of users’ passwords in plain text, another major security no-no.

Sign up here to our daily newsletter The Download to get your dose of the latest must-read news from the world of emerging tech.