A security researcher has revealed that the personality quiz app was exposing the details it had amassed to third-parties online since 2016.
In another massive leak, the private data of about 120 million users was compromised by a developer of Facebook quizzes called "NameTests", the media reported. A security researcher has revealed that the personality quiz app was exposing the details it had amassed to third-parties online since 2016.
The company behind "NameTests", a German app maker Social Sweethearts, created popular social quizzes like "Which Disney Princess Are You?" and distributed them on the social networking site. "Writing in a Medium post, the security researcher who filed the report — self-styled 'hacker' Inti De Ceukelaire explains, he went hunting for data abusers on Facebook's platform after the company announced a data abuse bounty on April 10 as it scrambled to present a responsible face to the world," TechCrunch reported late on Thursday.
The researcher said he began his search by noting down what third party apps his Facebook friends were using. "He already knew quizzes had a reputation for being data-suckers in a distracting wrapper. So he took his first ever Facebook quiz, from a brand called NameTests.com, and quickly realised the company was exposing Facebook users' data to 'any third-party that requested it'," the report added. The compromised data reportedly included names, date of birth, posts, status, photos and friend lists and kept getting leaked even after users deleted the app.
Ceukelaire attempted to contact Facebook about this multiple times and was told that the company would look into it, according to The Verge.
The social networking giant was hit by a major data scandal in March after Cambridge Analytica, a British consulting company, was accused of harvesting data of up to 87 million Facebook users without permission to help politicians, including US President Donald Trump and the Brexit campaign. Appearing before the US Congress, the company CEO Mark Zuckerberg told the lawmakers that his own personal data was part of the users' data that was 'improperly shared' with the British political consultancy firm.