Quiz app on Facebook accidentally exposes information of 120M users
A quiz app on Facebook that can tell you which Disney princess you are has also been leaking the personal data of its 120 million customers.
"I was shocked to see that this data was publicly accessible to any third party that requested it," said Inti De Ceukelaire, the Belgian security researcher who discovered the information leak.
"It would only take a single visit to our internet site to obtain access to someone’s personal data for up to two months," he wrote in his blog post. "I would envision you wouldn’t want any internet site to know who you are, let alone steal your details or pictures."
The incident was discovered while Facebook is still facing blowback from the Cambridge Analytica scandal, which involved a separate personality testing app. In that case, the app deliberately exploited Facebook’s data practices to harvest people’s personal data for political ad targeting purposes. As many as 87 million users could have been affected.
The information leak involving Nametests.com doesn’t seem to be deliberate. De Ceukelaire speculates that the flaw could have stemmed from a "rookie programming error." Nonetheless, the data exposure has been going on since at least the end of 2016.
De Ceukelaire reported the problem to Facebook in April through the company’s new bug bounty program, which was introduced in response to the Cambridge Analytica scandal.
"This is specifically why we launched our Information Abuse Bounty Plan in April: to reward men and women for reporting potential difficulties," Facebook said in a public post about the flaw, which the company helped to repair.
"To be on the safe side, we revoked the access tokens for everybody on Facebook who has signed up to use this app. So men and women will need to re-authorize the app in order to continue utilizing it," Facebook added.
The developers behind Nametests.com, Social Sweethearts, said it has also found no evidence that bad actors ever abused the flaw.
Nevertheless, De Ceukelaire said the whole incident raises serious questions over how Social Sweethearts is handling the information of its users. He also noted that it took Facebook over two months before it completed its investigation and ultimately patched the flaw. During that time, the quiz apps from Nametests.com were still up and running.
"I am glad both Facebook and NameTests cooperated and resolved the concern," he said in his blog post. "On the other hand, we cannot accept that the info of hundreds of millions of customers could have been leaked out so simply. We can and need to do far better."
To protect yourself, De Ceukelaire recommends that you delete any apps from Facebook that you are no longer using.
This write-up originally appeared on PCMag.com.
Published at Mon, 02 Jul 2018 11:00:00 +0000