A Mexican media company that's collected a giant trove of Facebook user data made it all available online over an unsecured server.

The open database contained over 540 million records including comments, likes, reactions and Facebook user names, according to the security firm UpGuard, which discovered the trove of data back in January.

For months, the 146 GB database has sat exposed via an Amazon AWS S3 bucket configured to let anyone download the files inside. But according to UpGuard, the trove of data was only secured today after Bloomberg contacted Facebook about the exposed database.

The database's owner, Cultura Colectiva, has issued a statement, saying the collected data was gathered from fanpages it manages over Facebook, and that the information was openly-shared by users. "We use that information to improve the users' experience on the internet, and also to generate content that will appeal to, engage, and inspire our audiences," the statement adds.

No passwords or emails were exposed in the leak, according to Cultura Colectiva. "So we did not put our users' privacy and security at risk," the company added.

However, UpGuard claims the Mexican media company ignored both its emails, and Amazon's own notifications, about the open database.

While investigating exposed AWS servers, UpGuard also uncovered a separate database that held Facebook user information, including user IDs and people's personal interests. However, the database involved only 22,000 users and originated from a now defunct Facebook-integrated app called "At the Pool."

The same database also held plain text passwords for users of the app. Fortunately, it was pulled offline during the security firm's investigation. But it isn't clear how long the database remained exposed, and if anyone else gained access to it.

In a statement, Facebook said its policies prohibit storing user information in a public database. "Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people's data," the company added.

The social network only learned of the exposed databases on Tuesday, and the company is still investigating to determine if user data was truly leaked and to what extent, a Facebook spokesperson told PCMag. The company plans on notifying any affected users.

UpGuard's blog post didn't mention how many users may have been ensnared in the Cultura Colectiva leak. However, the Mexican media company has 23 million followers on its Facebook page. The same page also contains an option to let you sign up for its newsletter.

The exposed databases were revealed a year after Facebook was forced to reckon with the Cambridge Analytica scandal. In 2014, a UK political consultancy was effectively able to exploit the social network by leveraging a quiz app to harvest the personal details on millions of Facebook users for the purpose of political ad targeting.

In response to scandal, Facebook pledged to audit thousands of third-party apps for potential privacy abuses. It's also been offering rewards to people who uncover third-party data misuse. But the efforts haven't been enough to rein in all the problems, according to UpGuard.

"The data exposed in each of these sets would not exist without Facebook, yet these data sets are no longer under Facebook's control," the security firm said in its blog post. "These two situations speak to the inherent problem of mass information collection: the data doesn't naturally go away, and a derelict storage location may or may not be given the attention it requires."