Tests for Facebook expose data from 120 million users

A company that develops quizzes for Facebook would have been responsible for the data exposure of more than 120 million users of the platform. The turn of the hour is NameTests.com, a site that is part of the service role of the German company Social Sweethearts, behind tests that have become popular mainly in Europe.

Among the options available, there were tests that allowed discovering Disney Princess or Avengers member the user would be. Participant data was collected and stored in a JavaScript file, which according to Inti De Ceukelaire, the expert responsible for disclosure of the violation, could be easily accessed by criminals and used for malicious purposes.

The Facebook profile was connected to the company's systems for testing. With this, data such as name, birthday, photos and friends list have been stored in a simple way, and could be misused by third parties. However, Social Sweethearts badures us that this did not happen.

In a statement provided to the press, the company claims that there is no evidence that data stored in a vulnerable form has been accessed or used by unauthorized personnel. In addition, the company claims to have investigated the case as soon as it received the vulnerability information and took the necessary corrective action to provide more protection to the collected information that would be required for its applications.

This is an allegation corroborated also by Facebook. The social network said that he had been informed of the issue through his program of bugs and data abuse, which offers rewards in exchange for results related to the security of its services. The company claims to have worked with NameTests to fix the problem, with a change in security settings that was applied earlier this month to close the vulnerability.

Ceukelaire, however, points out that the situation was not so clear He does not confirm that he is responsible for reporting the results to Facebook, but said he contacted the company. company repeatedly on the subject, receiving no response, and was informed that the company would investigate the case. It confirms however that security measures were implemented by the quiz company in June and that the failure has already been corrected

. However, there is no information on possible sanctions against Social Sweethearts or its Facebook related services. In April, at the height of the Cambridge Analytica scandal, which led to the misuse of hundreds of millions of social network users, the company announced that a first internal audit would have resulted in the suspension more than 200 applications due to security protocols. less than necessary.

It is important to note that, unlike what happened with Cambidge Analytica, the data collected by NameTests was public and its storage has pbaded. with the permission of the users. The problem here is in the way the company uses to store such information, making it available to hackers to carry out attacks or attempted coups.

Yet, as Ceukelaire points out, this is another case of business non-Facebook users who are far from paying attention to the information of their users. The social network is committed to changing, since the case of Cambridge Analytica, and has closed the seat with regard to the availability of user information and its use by third parties. Waiting for others to have the same kind of caution, though, can be a little too much.

In doubt, it is better to do nothing. Avoid using services that leverage Facebook data to provide additional results or options unless you trust the company responsible for what is on offer. You probably do not need to know what Disney Princess would be like, so it's better to be safe and live without this information than to have the unpleasant surprise of being part of a big data leak. and to expose your information there.

Bargains, Coupons, Free Things? Join our WhatsApp and Facebook DISCOUNTS GROUP and always guarantee the lowest price on your technology purchases.