Millions of Facebook users' information exposed after using *another* personality app

Four-million Facebook users’ data wide open for anyone to download for years

Yet another instance of a Facebook app putting innocent users’ sensitive private information at risk has been uncovered.

Six million people are thought to have completed tests set by the myPersonality Facebook app, with almost half agreeing to share details from their Facebook profiles with the understanding that data collected would be distributed “in an anonymous manner such that the cannot be traced back to the individual .”

However, it appears that the anonymisation was done in such a poor fashion that it might not be difficult for a determined party to de-anonymise the data and piece together intimate details of individuals using the rich data set.

That would be bad in itself, but things get worse according to a New Scientist report:

“Academics at the University of Cambridge distributed the data from the personality quiz app myPersonality to hundreds of researchers via a website with insufficient provisions, which led to it being left vulnerable to access for four . Gaining access illicitly was relatively easy.”

Just how easy was gaining unauthorised access to the Facebook users’ data? Well, according to the report, if you knew how to Google, it seems that you wouldn’t have too much trouble stumbling across the password – as it had been posted publicly for anyone to see on GitHub for four years:

“The publicly available username and password were sitting on the code-sharing website GitHub. They had been passed from a university lecturer to some students for a course project on creating a tool for processing Facebook data. Uploading code to GitHub is very common in computer science as it allows others to reuse parts of your work, but the students included the working login credentials too.”

Thankfully – unlike the app at the centre of the Cambridge Analytica debacle – the myPersonality app did not also collect the data of users’ Facebook friends, otherwise the number of people put at risk would likely have been even worse.

Facebook suspended the myPersonality app in April of this year, four years after it started scooping up users’ information. Facebook says it has suspended approximately 200 other apps for using “large amounts” of profile information, pending investigations.

I’m pleased that Facebook is now trying to mop up these third-party apps which have broken users’ trust in the past, but to my mind it’s too late.

If you value your privacy, the only sensible step is to quit Facebook before worse things happen.

Check out our recent Smashing Security podcast where we discuss how to do precisely that.


About the author, Graham Cluley

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, , and online privacy.

Follow him on Twitter at @gcluley, or drop him an email.
