It turns out that another Facebook quiz has been leaking data. The quiz had roughly 120M monthly users, so the fact that it hadn’t been shut down for a long time presents quite a problem.
In the midst of its Cambridge Analytica scandal back in April, Facebook announced its data abuse bounty, and soon after that a security researcher and self-styled “hacker” called Inti De Ceukelaire found an app with approximately 120 million monthly users that was leaking data. He proceeded to report the app to Facebook, but it took some time for Facebook to act. The app was still active over a month after it was reported.
Perhaps even more worrying was the fact that NameTests would still reveal its users’ identities even after a quiz was deleted as an app. Users would have to “manually delete the cookies on their device since NameTests.com does not offer a log out functionality,” in order to prevent the app from revealing users’ identities.
De Ceukelaire also contacted NameTests about its app but the company claims that it has found no evidence that personal data was exposed to unauthorised third parties. They did, however, say they’ll make changes to fix the issue.
In March, CEO Mark Zuckerberg announced that Facebook would “investigate all apps that had access to large amounts of information before [it] changed [its] platform to dramatically reduce data access in 2014” and “conduct a full audit of any app with suspicious activity.” As a result of that audit, Facebook has already suspended around 200 apps, but there are probably hundreds more out there.