[ad_1]
This led the hacker Inti De Ceukelaire to examine the most popular applications of Facebook will find a serious security hole behind the site Nametests.com, which provides much of the tests, quizzes, challenges and viral games that fill the social network.
Although it is not a novelty that this type of applications access many data when users give them the necessary permissions to do the tests, Ceukelaire discovered that a failure on the site of Nametests expose the information of at least 120 million monthly users to third parties.
According to the test to which they had access Users, the Nametests would have information such as: the identification of their Facebook account, name, surname, language, sex, date of birth, profile picture, photo of cover, currency, devices they use, when they last updated their information, their publications and reports, their photos and photos of their friends. All this without the users being able to detect it.
Moreover, according to Ceukelaire, the user's information was still vulnerable even when they decided to revoke the permissions and eliminate the application of their Facebook accounts. This could increase the number of people affected.
Although Facebook's various tests have been severely criticized for their massive collection and greedy data permits, the leakage of Nametests information has a special element that makes the information more vulnerable. of its users.
Unlike other applications that collect information and sell it directly to third parties, this site has collected data from its users using javascript, a programming language that has as a basic principle the ability to share In other words, the data collected by Nametests in its various tests, games and challenges were at the mercy of all those who found the flaw, exposing more than two years User data javascript that exceed the 120 million that are currently active on the platform, all without the platform having a cadastre of those who accessed the information.
At the present time, there is no evidence to indicate whether the information exposed by Nametests discovered by third parties and how much it has discovered. But Ceukelaire ensures that for experts in the field the fault is something very simple to detect.
It is also impossible to establish clearly whether Nametests were aware of the failure during this time, but in their conditions of service they are separated from
of Facebook they assure that the problem is already set, but in any case, if you want to make sure that your information and you decide to revoke the access of Nametests.com, it is advised that in addition delete the application from your account, Also manually delete cookies from your device since NameTests does not offer a disconnect option.
On the other hand, the hacker who discovered the flaw has created a video explaining its operation, and you can examine it below:
to information from MOUSE.LATERCERA.COM
Source link
