
Facebook is guilty of exposing users to a quiz service that leaked personal data from 120 million accounts over a period of years. This was first reported by TechCrunch, which found that the quiz site Nametests.com had leaked this data, even after Facebook’s internal audit had deleted the service. The audit was conducted to meet the standards of the European Union’s General Data Protection Regulation (GDPR), which came into effect on May 25.
NameTests is the service behind popular Facebook quizzes such as “What Would You Look Like As a Drawing?” and “What Will You Leave behind You in 2018?”. The vulnerability was reported by hacker Inti de Ceukelaire, who is a member of Facebook’s Bug Bounty Program. Soon after the Cambridge Analytica scandal emerged, Facebook created a data abuse program that allowed developers like Ceukelaire to detect and report apps and services that consumed user data heavily. Many of these services have supplied data to various political agencies, which designed campaigns for the 2016 US presidential elections, and possibly for polls in India as well.
Through the quizzes posted by NameTests, Ceukelaire found that the app was storing his personal details in a JavaScript file. This allows the app to send, and possibly sell, the data sets obtained from Facebook’s users to third-party services. It was also noted that NameTests created a secret key for third parties, through which, depending on the level of permissions granted, NameTests would disclose a user’s posts, friends, and photos. The exposure would persist because NameTests did not provide a logout system, so Facebook users could only clear their disclosed data by clearing the cookies in their internet browsers.
NameTests claims in its policy statement, “We work together with various technological partners who, for example, display advertisements on the basis of user data.” It also states that usernames are kept anonymous in order to maintain privacy. For locating the flaw, Facebook awarded a bounty of $8000, which was donated to the Freedom of the Press Foundation. Similar activities were also spotted by Aleksandr Kogan, a former analyst with Cambridge Analytica, who quoted the social network as saying that ‘users should know their data is for sale’. Ongoing investigations into the data leak, known to have affected 87 million users, led to the eventual bankruptcy and shutdown of the political consultancy.