TechCrunch recently broke the news about yet another colossal data leak that affects millions of Facebook users. The online tech news website reported that a popular quiz app called Nametests.com might have unintentionally leaked sensitive data of roughly 120 million Facebook users. Before we continue, we wanted to highlight the scale of the leak by clarifying that the infamous Cambridge Analytica scandal that shook the world a few months ago involved the details of only 87 million people.
The leak was spotted by a young ethical hacker who stumbled upon personal information of Facebook users that had been left exposed and readily available to third parties to examine and use. People’s personal details have been leaked the moment they launch the app to take a personality quiz on the Nametests.com Facebook app. The cybersecurity activist said that the data might have been exposed for more than two years.
The leak has affected the details of everyone who has taken a personality test owned by Nametests.com on Facebook. Such tests may have included ‘What is your sexy nickname based on your photo?’ and ‘What does your facial analysis have to say about your personality?’ and ‘Which Disney princess are you?’. The Belgian hacker who found the leak said that ‘the website behind the quizzes, recently fixed a flaw that publicly exposed information of their more than 120 million monthly users — even after they deleted the app.’ The leaked data included names, DOB, images, status updates, and more.
Nametests.com were not aware of the issue, and they worked to resolve it immediately after it was brought to their attention. Nametests.com is a Facebook application that has been around for years. The app is owned by a European company called Social Sweethearts. The German company market themselves as global digital publishers of individualized content and claim to have 250 million registered users and nearly 3 billion monthly users.
Social Sweethearts said in a statement to POLITICO that there is “no evidence that personal data of users was disclosed to unauthorized third parties and all the more that there was no evidence that it had been misused.” However, the Belgian cybersecurity activist highlighted the fact that it would have been almost impossible for Nametests.com to find any evidence of data misuse, as the data has been available through simple website monitoring. It is currently unknown if the leaked data has been misused.
Facebook continues to walk on thin ice as they just patented a system that can use your cellphone’s mic to monitor your TV habits which raises a whole lot of privacy questions; their data was misused and allegedly influenced the last presidential US elections; and a few weeks ago we reported on a data leak that affected roughly 3 million Facebook users.
Facebook is still working hard on terminating the existence of apps that might be abusing their data; developed a more transparent way of advertising and now allow everyone to see in real time all ads that are running globally on the social media platform; and even started a data abuse bounty where they reward cyber experts who manage to find evidence of Facebook data abuse. Facebook made an $8,000 donation to Freedom of the Press Foundation as a request by the white hat hacker who brought the Nametests.com leak to their attention.
Panda Security reminds you always to have software that can help you get rid of apps you do not use, and can assist you in cleaning potentially unwanted files.