It turns out that another Facebook quiz has been leaking data. The quiz had roughly 120M monthly users, so the fact that it stayed online for a long time is quite a problem.
In the midst of its Cambridge Analytica scandal back in April, Facebook announced its data abuse bounty, and soon after that a security researcher and self-styled “hacker” called Inti De Ceukelaire found an app with approximately 120 million monthly users that was leaking data. He proceeded to report the app to Facebook, but it took some time for Facebook to act. The app was still active over a month after it was reported.
The Facebook quiz came from a brand called NameTests.com, and it was exposing user data to “any third-party that requested it” through a JavaScript file vulnerability. The personal data that had been exposed since at least the end of 2016 was users’ full names, locations, ages, and even birthdays. De Ceukelaire also found that the JavaScript provided an access token allowing even more far-reaching data access permissions (users’ Facebook posts, photos, friends, etc.) to be granted to third-party websites.
“Depending on what quizzes you took, the javascript could leak your Facebook ID, first name, last name, language, gender, date of birth, profile picture, cover photo, currency, devices you use, when your information was last updated, your posts and statuses, your photos and your friends,” he explained in a Medium post.
Perhaps even more worrying was the fact that NameTests would still reveal its users’ identities even after a quiz was deleted as an app. Users would have to “manually delete the cookies on their device since NameTests.com does not offer a log out functionality” in order to prevent the app from revealing their identities.
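The article does not give the technical details of the JavaScript file. As an added example (not NameTests' or Facebook's code), the sketch below assumes the common form of this problem, where a script file served to whoever holds the session cookie contains that user's data, and puts the weak handler beside a hardened one. The origin, cookie name, session store and function names are all hypothetical.

```javascript
// Constructed data: a session store keyed by the value of a "sid" cookie.
const SESSIONS = { "s-123": { name: "Alice Example", birthday: "1990-01-01" } };
const OWN_ORIGIN = "https://quiz.example"; // hypothetical site origin

function sessionUser(req) {
  const m = /(?:^|;\s*)sid=([^;]+)/.exec(req.headers.cookie || "");
  return m ? SESSIONS[m[1]] || null : null;
}

// Weak form: personal data is emitted as executable script, and the only
// gate is the cookie, which the browser attaches no matter which site asks.
function vulnerableUserConfig(req) {
  return {
    status: 200,
    headers: { "Content-Type": "application/javascript" },
    body: "var userData = " + JSON.stringify(sessionUser(req)) + ";",
  };
}

// Hardened form: refuse script-type and cross-site loads, and return the data
// as non-executable JSON that other origins are not allowed to embed.
function hardenedUserConfig(req) {
  const h = req.headers;
  const site = h["sec-fetch-site"];
  const crossSite =
    (site !== undefined && site !== "same-origin" && site !== "none") ||
    (h.origin !== undefined && h.origin !== OWN_ORIGIN);
  if (crossSite || h["sec-fetch-dest"] === "script") {
    return { status: 403, headers: {}, body: "" };
  }
  const user = sessionUser(req);
  if (!user) return { status: 401, headers: {}, body: "" };
  return {
    status: 200,
    headers: {
      "Content-Type": "application/json",
      "X-Content-Type-Options": "nosniff", // browsers will not run it as script
      "Cross-Origin-Resource-Policy": "same-origin",
      "Cache-Control": "no-store",
    },
    body: JSON.stringify(user),
  };
}

// Constructed requests: the file loaded as a script by another site's page,
// and the site's own page fetching its user's data.
const thirdPartyLoad = { headers: { cookie: "sid=s-123", "sec-fetch-site": "cross-site", "sec-fetch-dest": "script" } };
const firstPartyFetch = { headers: { cookie: "sid=s-123", "sec-fetch-site": "same-origin", "sec-fetch-dest": "empty" } };
```

Browsers that do not send the `Sec-Fetch-*` headers skip the first check, but still receive JSON marked `nosniff`, which they will not execute as a script.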
De Ceukelaire also contacted NameTests about its app, but the company claims that it has found no evidence that personal data was exposed to unauthorised third parties. It did, however, say it will make changes to fix the issue.
In March, CEO Mark Zuckerberg announced that Facebook would “investigate all apps that had access to large amounts of information before [it] changed [its] platform to dramatically reduce data access in 2014” and “conduct a full audit of any app with suspicious activity.” As a result of that audit, Facebook has already suspended around 200 apps, but there are probably hundreds more out there.