Monday, 21 October 2019   Subscription to updates  RSS
Monday, 21 October 2019   Subscription to updates  RSS
Популярно
11:27, 02 July 2018

Quiz app on Facebook accidentally exposes information of 120M users


Quiz app on Facebook accidentally exposes information of 120M users

A quiz app on Facebook that can tell you which Disney princess you are has also been leaking the personal data of its 120 million customers.

The quiz app from Nametests.com was apparently storing the individual info of its users in a rather careless way the information was circulating through a public Javascript file that other websites could theoretically access.

&quotI was shocked to see that this data was publicly accessible to any third-celebration that requested it,&quot mentioned Inti De Ceukelaire, the Belgian security researcher who discovered the information leak.

On Wednesday, he published a weblog post, describing how the Javascript file might endanger the privacy of Nametests.com users. A third-celebration site could potentially exploit the Javascript file to see when incoming visitors have a Facebook profile. If the visitors do, the internet site could harvest particulars of the Facebook profiles, including name, age, birth date and gender.

A lot more From PCmag

De Ceukelaire demoed the threat by generating his own site that can fetch information from the quiz app’s Javascript file. Any customers of the quiz app who visited his internet site would not only get their Facebook data harvested, but also their pictures and friend’s list also.

&quotIt would only take a single pay a visit to to our internet site to obtain access to someone’s personal data for up to two months,&quot he wrote in his blog post. &quotI would envision you wouldn’t want any internet site to know who you are, let alone steal your details or pictures.&quot

The incident was discovered as Facebook is nevertheless facing some blowback from the Cambridge Analytica scandal, which involved a separate personality testing app. In that case, the app deliberately exploited Facebook’s data practices to harvest people’s individual data for political ad targeting purposes. As many as 87 million customers could have been impacted.

The information leak involving Nametest.com doesn’t seem to be deliberate. De Ceukelaire speculates that the flaw could have stemmed from a &quotrookie programming error.&quot Nonetheless, the data exposure has been going on given that at least the finish of 2016.

De Ceukelaire reported the dilemma to the Facebook in April by way of the company’s new bug bounty program, which was introduced in response to the Cambridge Analytica scandal.

&quotThis is specifically why we launched our Information Abuse Bounty Plan in April: to reward men and women for reporting potential difficulties,&quot Facebook said in a public post about the flaw, which the company helped to repair.

&nbsp

&quotTo be on the safe side, we revoked the access tokens for everybody on Facebook who has signed up to use this app. So men and women will need to re-authorize the app in order to continue utilizing it,&quot Facebook added.

The developers behind Nametests.com, Social Sweethearts, said it is also discovered no proof that poor actors ever abused the flaw.

Nevertheless, De Ceukelaire stated the whole incident raises critical queries more than how Social Sweethearts is handling the information of its customers. He also noted that it took Facebook over two months before it completed its investigation and ultimately patched the flaw. For the duration of that time the quiz apps from Nametests.com have been still up and operating.

&quotI am glad both Facebook and NameTests cooperated and resolved the concern,&quot he said in his weblog post. &quotOn the other hand, we can not accept that the info of hundreds of millions of customers could have been leaked out so simply. We can and need to do far better.&quot

To protect oneself, De Ceukelaire recommends that you delete any apps from Facebook that you happen to be no longer employing.

This write-up originally appeared on PCMag.com.

Published at Mon, 02 Jul 2018 11:00:00 +0000


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

© 2019 News: Today's News Headlines, Breaking News & Recent News from the World
Дизайн и поддержка: GoodwinPress.ru