To confirm that Nametests actually shares the users’ information, the hacker set up a website that would connect to Nametests and get some information about the visitors who visit the newly-made website. He found that apart from the users’ info, Nametests would also provide a secret key called an access token, which, depending on the permissions granted, could be used to gain access a visitor’s posts, photos and friends. “It would only take one visit to our website to gain access to someone’s personal information for up to two months,” he claimed.
In April, the hacker reported this to Facebook’s Data Abuse program which the company started to clean up the mess created by the Cambridge Analytica issue. CEO Mark Zuckerberg also announced an audit of apps running on the platform and said that the company would “investigate all apps that had access to large amounts of information before we changed our platform to dramatically reduce data access in 2014, and will conduct a full audit of any app with suspicious activity”. It has already suspended around 200 apps as a result of the ongoing audit but it seems Nametests was not audited yet.