Data of 120 million Facebook users compromised through popular quiz-making platform NameTests: Hacker

Facebook has now revoked the access tokens for everyone on the platform who had signed up to use this app.

By Sourabh Kulesh | Published 02 Jul 2018 14:41 IST
HIGHLIGHTS
  • Facebook has now revoked the access tokens for everyone on the platform who had signed up to use this app.

Data of 120 million Facebook users compromised through popular quiz-making platform NameTests: Hacker
Data of 120 million Facebook users compromised through popular quiz-making platform NameTests: Hacker

While Facebook is still struggling to recover from the damage it incurred from the Cambridge Analytica scandal, another issue seems to be shrouding the social media giant. A hacker has claimed that popular quiz-making platform on Facebook Nametests has been publicly exposing the information of more than 120 million monthly users for years. The vulnerability has been plugged and Facebook’s Bug Bounty Program, which checks apps running on the social media platform and curbs users’ data shared through them, has been credited for the latest development.

According to Inti De Ceukelaire, Nametests have been developing quizzes, like a personality test, on Facebook and through those quizzes, third party entities had accessed users private information, friends list, posts and photos. The matter came to fore when De Ceukelaire took a quiz and while loading a test, he noticed that the website fetched his personal information and display it on the webpage. “In theory, every website could have requested this data. The data also includes a ‘token’ which gives access to all data the user authorised the application to access, such as photos, posts and friends. I was shocked to see that this data was publicly available to any third-party that requested it,” he wrote in a blog.

To confirm that Nametests actually shares the users’ information, the hacker set up a website that would connect to Nametests and get some information about the visitors who visit the newly-made website. He found that apart from the users’ info, Nametests would also provide a secret key called an access token, which, depending on the permissions granted, could be used to gain access a visitor’s posts, photos and friends. “It would only take one visit to our website to gain access to someone’s personal information for up to two months,” he claimed.

In April, the hacker reported this to Facebook’s Data Abuse program which the company started to clean up the mess created by the Cambridge Analytica issue. CEO Mark Zuckerberg also announced an audit of apps running on the platform and said that the company would “investigate all apps that had access to large amounts of information before we changed our platform to dramatically reduce data access in 2014, and will conduct a full audit of any app with suspicious activity”. It has already suspended around 200 apps as a result of the ongoing audit but it seems Nametests was not audited yet.

After the hacker reported the developments, Facebook started looking into the complaint and in May, the company said that “it could take three to six months to investigate the issue.” By June end, Nametests changed the way it processes data and third-parties could no longer access its users personal information. The hacker apprised Facebook about the development and the social media giant confirmed that its has “revoked the access tokens for everyone on Facebook who has signed up to use this app. So people will need to re-authorize the app in order to continue using it.”

Sourabh Kulesh
Sourabh Kulesh

Email Email Sourabh Kulesh

About Me: A journalist at heart; has knowledge of a wide gamut of topics related to enterprise and consumer tech. Read More

Advertisements

Trending Articles

Advertisements

LATEST ARTICLES View All

Advertisements

Hot Deals View All

AGARO 33511 MAGMA Air compression leg massager with handheld controller, 3 massage mode and intensity for feet, calf and thigh Massager  (Black)
AGARO 33511 MAGMA Air compression leg massager with handheld controller, 3 massage mode and intensity for feet, calf and thigh Massager (Black)
₹ 6199 | $hotDeals->merchant_name
IRIS Fitness Leg and Foot Massager  (Red)
IRIS Fitness Leg and Foot Massager (Red)
₹ 10999 | $hotDeals->merchant_name
ARG HEALTH CARE Leg Massager for Pain Relief Foot, Calf and Leg Massage with Vibration and Heat Therapy (Golden)
ARG HEALTH CARE Leg Massager for Pain Relief Foot, Calf and Leg Massage with Vibration and Heat Therapy (Golden)
₹ 15499 | $hotDeals->merchant_name
HP 15.6 LAPTOP BAG Backpack  (Black, Black, 25 L)
HP 15.6 LAPTOP BAG Backpack (Black, Black, 25 L)
₹ 275 | $hotDeals->merchant_name
ah arctic hunter Anti-Theft 15.6 inches Water Resistant Laptop Bag/Backpack with USB Charging Port and for Men and Women (Black)
ah arctic hunter Anti-Theft 15.6 inches Water Resistant Laptop Bag/Backpack with USB Charging Port and for Men and Women (Black)
₹ 2699 | $hotDeals->merchant_name
DMCA.com Protection Status