Popular Facebook quiz app exposes 120 million users' data

BY LEAH WILLIAMS
Posted on FEB 18, 2019

NameTests quizzes contained a security flaw that exposed user data.

Facebook quiz developer NameTests has exposed the personal information of approximately 120 million Facebook users, according to a report from TechCrunch.

The company behind NameTests, German app maker Social Sweethearts, created popular social quizzes such as "Which Disney Princess Are You?" and distributed them on Facebook, which contained roughly 120 million monthly users on the platform.
Self-described hacker Inti De Ceukelaire wrote a Medium post yesterday, outlining how the quizzes were collecting Facebook information involving names, birthdays, photos, and friend lists, displaying them in a JavaScript file.

Data could easily be retrieved by malicious third parties. Only months later, in June, Ceukelaire noticed that NameTests had changed the way user data was processed.

In the wake of the Cambridge Analytica data privacy scandal, in which tens of millions of users had their personal information collected, packaged, and sold to a third-party company, Facebook's management of data leaks and security breaches has acquired a more prevailing, heavier scrutiny.

In a statement given to TechCrunch, Social Sweethearts said there was no evidence personal data was exposed to third parties or that the data was ever misused. "As the data protection officer of Social Sweethearts, I would like to inform you that the matter has been carefully investigated," the statement reads, though it is not attributed to a named individual.

The company added, "The investigation found that there was no evidence that personal data of users was disclosed to unauthorized third parties and all the more that there was no evidence that it had been misused. Nevertheless, data security is taken very seriously at Social Sweethearts and measures are currently being taken to avoid risks in the future.

 

 

Comments