Facebook is auditing apps on its platform to avoid another Cambridge Analytica fiasco, but its efforts might be in vain since a new report claims that personal data of 3 million Facebook users was published on a low quality website after a popular personality quiz collected the said data from unsuspecting Facebookers.
According to a report by New Scientist, data of 3 million facebook users has been exposed because of participating in the myPersonality quiz on the platform. The myPersonality quiz app on Facebook collected answers to intimate questions it asked users and data from the app was then shared with hundreds of researchers by academics at the University of Cambridge. The personal data was then left exposed on the internet for four years as per the report and since it was published on an unsecure website, it was easily accessible to anyone who wanted to view it.
New Scientist claims that it was able to access this user data “illicitly” since the website where it was published had “insufficient security provisions.” As per the report, the leaked user data of 3 million Facebook users was “highly sensitive” and gave out personality details of the affected users, including results from psychological tests. The report further claims that the collected data was intended to be stored and shared anonymously, but the lack of proper security protocols led to it being easily accessible by anyone.
As part of its platform cleanup, Facebook says that it has removed more than 200 third-party apps which failed to comply with its privacy policies. While Facebook removed the myPersonality app from its platform on April 7, more than 6 million users have already taken the quiz, nearly half of which agreed to share data from their Facebook profiles with the app. The silver lining is that names of the users were removed before the collected data was published on the website, but questions are certainly being raised as to the authenticity of the anonymisation process.
To gain access to this huge data set, people were able to register with the project as collaborators and as per the report, around 280 people from 150 institutions did this. Those who were granted complete access to this user data set were “researchers at universities and at companies like Facebook, Google, Microsoft and Yahoo.”
Those who were not granted access to the data set could make use of a username and password easily available on GitHub for the last four years. “Anyone who wanted access to the data set could have found the key to download it in less than a minute,” the report says.
“We are currently investigating the app, and if myPersonality refuses to cooperate or fails our audit, we will ban it,” Ime Archibong, Facebook’s Vice President of Product Partnerships told New Scientist. “We are aware of an incident related to the My Personality app and are making enquiries,” a spokesperson for the US Information Commissioner’s Office told the publication.