Click to Skip Ad
Closing in...

Quiz app exposed the data from 120M users while Facebook was telling the world it can be trusted

Published Jun 29th, 2018 7:45AM EDT
Facebook User Data
Image: Marcio Jose Sanchez/AP/REX/Shutterstock

The Cambridge Analytica scandal exposed what wasn’t really a secret, that Facebook is harvesting a lot of user data and that the data is shared with others. The privacy breach revealed that Facebook wasn’t doing enough to protect your privacy and that developers like Cambridge Analytica could take your data and your Facebook friends’ data and use it for whatever they wanted.

Since these revelations, Facebook has been trying to convince everyone that it can be trusted, that it will take measures to stop these practices, that your privacy matters to the company. But while it was performing this massive PR campaign, a different quiz app that had as many as 120 million users left their data exposed for others to see. Facebook was warned about it and needed many weeks to address and fix it properly.

There’s no telling exactly how many people have used the quiz app in question, and Nametests.com, the company behind the quizzes, says nobody abused it. But a researcher detailed the security issue on Facebook, revealing that the company did not take enough precaution to safeguard the data and that Facebook took a very long time to address the vulnerability.

Image source: Medium

Just because hackers could find someone’s Facebook data doesn’t mean anyone abused it. But, again, it goes to show that Facebook has a lot of work to do to win back our trust. Inti De Ceukelaire told Facebook about the issue on April 22nd, well after the Cambridge Analytica mess made the news around the world. Only two months later, on June 27th, did Facebook confirm that the matter had been fixed and that an $8,000 bounty had been paid to a charity chosen by the researcher (see the reply above).

What De Ceukelaire discovered was that Nametests.com left the data gathered from its users unprotected, and anybody who, like him, could find it, would walk away with plenty of information:

Depending on what quizzes you took, the javascript could leak your Facebook ID, first name, last name, language, gender, date of birth, profile picture, cover photo, currency, devices you use, when your information was last updated, your posts and statuses, your photos and your friends.

Even if you deleted the app, external websites could still read “your facebook id, first name, last name, language, gender, date of birth.” The only way to permanently fix it was to delete the cookies, as the company behind the quizzes doesn’t have a logout functionality — for more information about this new user data security vulnerability, hit this Medium post.

Chris Smith Senior Writer

Chris Smith has been covering consumer electronics ever since the iPhone revolutionized the industry in 2008. When he’s not writing about the most recent tech news for BGR, he closely follows the events in Marvel’s Cinematic Universe and other blockbuster franchises. Outside of work, you’ll catch him streaming almost every new movie and TV show release as soon as it's available.