Facebook quiz app may have exposed personal data of 120 million users
Quiz apps on Facebook may have leaked the personal information of 120 million users who played quiz games.
A security researcher who goes by the handle Inti De Ceukelaire elaborated on how he discovered the leak through a statement uploaded on Medium, as reported by TechCrunch.
Article continues after this advertisementDe Ceukelaire claimed he took part in the Facebook data abuse bounty program, which launched on April 10. He then started looking at third-party apps, which his Facebook friends used, and noted that quizzes were among the most popular.
When De Ceukelaire tried a quiz from NameTests.com, he found that the site exposed Facebook users’ data to “any third-party that requested it.” He deduced that the site had exposed users’ data through javascript. De Ceukelaire explained that javascript could share files between websites freely as part of its basic functions. Unfortunately, Facebook users who took a quiz from NameTests.com had their data saved in a javascript file, according to the report.
De Ceukelaire estimated people’s data had been publicly exposed since at least the end of 2016. He then reported his findings to Facebook on April 22 this year.
Article continues after this advertisementMeanwhile, De Ceukelaire’s correspondence with NameTests.com revealed no evidence of third-party abuse, which means the users may have kept their privacy until the vulnerability’s discovery. The company also claimed to have implemented more bug tests to help prevent future issues such as what De Ceukelaire found. Alfred Bayle /ra
RELATED STORIES:
WATCH: Sleeping car passenger gets funny wake-up call, lesson on how to sit properly
Facebook starts trial run for subscription groups
Facebook enables downvote feature for select users