Data of 120 million Facebook users compromised through popular quiz-making platform NameTests: Hacker

By Sourabh Kulesh | Published on 02 Jul 2018
HIGHLIGHTS

Facebook has now revoked the access tokens for everyone on the platform who had signed up to use this app.

Data of 120 million Facebook users compromised through popular quiz-making platform NameTests: Hacker

Want to modernise your banking loan application?

Build an application that analyses credit risk with #IBMCloud Pak for Data on #RedHat #OpenShift

Click here to know more

Advertisements

While Facebook is still struggling to recover from the damage it incurred from the Cambridge Analytica scandal, another issue seems to be shrouding the social media giant. A hacker has claimed that popular quiz-making platform on Facebook Nametests has been publicly exposing the information of more than 120 million monthly users for years. The vulnerability has been plugged and Facebook’s Bug Bounty Program, which checks apps running on the social media platform and curbs users’ data shared through them, has been credited for the latest development.

According to Inti De Ceukelaire, Nametests have been developing quizzes, like a personality test, on Facebook and through those quizzes, third party entities had accessed users private information, friends list, posts and photos. The matter came to fore when De Ceukelaire took a quiz and while loading a test, he noticed that the website fetched his personal information and display it on the webpage. “In theory, every website could have requested this data. The data also includes a ‘token’ which gives access to all data the user authorised the application to access, such as photos, posts and friends. I was shocked to see that this data was publicly available to any third-party that requested it,” he wrote in a blog.

To confirm that Nametests actually shares the users’ information, the hacker set up a website that would connect to Nametests and get some information about the visitors who visit the newly-made website. He found that apart from the users’ info, Nametests would also provide a secret key called an access token, which, depending on the permissions granted, could be used to gain access a visitor’s posts, photos and friends. “It would only take one visit to our website to gain access to someone’s personal information for up to two months,” he claimed.

In April, the hacker reported this to Facebook’s Data Abuse program which the company started to clean up the mess created by the Cambridge Analytica issue. CEO Mark Zuckerberg also announced an audit of apps running on the platform and said that the company would “investigate all apps that had access to large amounts of information before we changed our platform to dramatically reduce data access in 2014, and will conduct a full audit of any app with suspicious activity”. It has already suspended around 200 apps as a result of the ongoing audit but it seems Nametests was not audited yet.

After the hacker reported the developments, Facebook started looking into the complaint and in May, the company said that “it could take three to six months to investigate the issue.” By June end, Nametests changed the way it processes data and third-parties could no longer access its users personal information. The hacker apprised Facebook about the development and the social media giant confirmed that its has “revoked the access tokens for everyone on Facebook who has signed up to use this app. So people will need to re-authorize the app in order to continue using it.”

logo
Sourabh Kulesh

A journalist at heart; has knowledge of a wide gamut of topics related to enterprise and consumer tech.

Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of Thinkdigit.com as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.

We are about leadership-the 9.9 kind! Building a leading media company out of India.And,grooming new leaders for this promising industry.

DMCA.com Protection Status