[ad_1]
A poll ( quiz ) on Facebook left private information of more than 120 million users in public without their consent, according to Inti De Ceukelaire, a security specialist.
The vulnerability was presented in an application developed by Social Sweethearts that worked as a survey with which users could enter their data and determine which Disney character they were ( What Disney Princess are you?). Facebook confirmed the vulnerability and said it had already been closed as part of its rewards program.
Ceukelaire discovered the problem when he did the survey like any other user and noticed that the application was collecting personal information from users. pictures and list of friends, it has been downloaded from the internet and could be accessed by a third party who asked for it.
The researcher says he warned Facebook on April 22 and that on June 25 the vulnerability had already disappeared. As part of the rewards program, Facebook offered to donate $ 4,000 to Ceukelaire, but the expert chose to donate the award to the Freedom Press Foundation.
The researcher and Facebook do not have the exact number of people affected and Social Sweethearts He does not offer a list of users in his quiz, but Ceukelaire says that there has 120 million active users who use the survey. The company behind the quiz said that there is no evidence that the information has been seen by third parties and claims to have improved its security to prevent it from recurring.
Facebook said that it has already blocked access to the quiz and restarted the connections, so if a user wants to go back on this survey, he will have to reconnect and give his permission to the information .
This vulnerability is revealed after Facebook launched a rewards program to find third-party applications with bugs or security issues that lead to users' private information leakage. This program began after the scandal of Cambridge Analytica .
Source link