Again, personality Quiz So Biang Facebook User Data

KOMPAS.com – The scandalous abuse of Facebook user data conducted by the Cambridge Analytica Quiz application as if only the tip of the iceberg phenomenon. After the problem appeared last March, several quiz applications like "You Are What You" and "myPersonality" also collect user data.

This time, another Facebook app called "NameTests" is suspected of having a weak security system. A total of 120 million Facebook user data exposed openly and can be found by anyone who can find it.

The discovery was revealed by hacker white aka "ethical hacker", Inti De Ceukelaire. De Ceukelaire explains if this case was reported to the Data Abuse Bounty program, a contest organized to find a user data leak application.

Having never tried the quiz personally before, they looked for the application on the friend account that installed it. Then they follow how the user data is collected from the application. Apparently, the user information of the application NameTests is obtained from the URL http://nametests.com/appconfig_user.

See also: Bug on Facebook Create pictures of the private user dispersed in public

The data of their friend account Make it a trial version, illustrated in JavaScript files that are easily solicited by d & # 39; other sites for specific purposes. They pointed out a Facebook user who visited the abal-abal site with low security.

The site can ask NameTests if the visitor has a Facebook account or not. If that is the case, the abal-abal site had the potential to download some data from the user. In addition, NameTest also provides an access token that allows incessant sites to continuously access user information for two months.

The information entered is the name, the date of birth, the photo and the list of friends. However, according to De Ceukelaire, the data obtained depend on the type of quiz followed by the user.

"What kind of quiz, JavaScript can filter Facebook, first name, surname, language, gender, language, date of birth, profile pictures, cover photos, exchange rates, used devices, and also your friends, "writes De Ceukelaire

In the blog Medium De Ceukelaire summary KompasTekno via Gizmodo On Friday (29/06/2018), they have reported this to Facebook since April 22, 2018. Eight days later, Facebook responded and said it took them three to six months to investigate the report.

The following month, De Ceukelaire checks to see if Facebook has contacted the developer NameTests on the case.Until June 25, there is no response from Facebook.

Read also: Facebook Gives user data to 60 smartphones vendors

They checked on the website NameTests and found improvements According to De Ceukelaire, Facebook took about a month to solve the problems they found.

NameTests's parent, the Germany-based Social Sweetheart, replied

"From the survey, there is no evidence that data personal users are referred to an illegal third party, otherwise there is no evidence that the data are misused, "he explained.

They added that if data security became the subject of Social Sweethearts.