A quiz application on Facebook that can tell you which Disney princess you are also leaked the personal information of its 120 million users.
The Nametests.com quiz app apparently stored the personal information of its users in a rather careless manner: the data was served through a public JavaScript file that other sites could theoretically access.
"I was shocked to see that this data was publicly available to any third party who requested it," said Inti De Ceukelaire, who discovered the data leak.
On Wednesday, he published a blog post describing how the JavaScript file could endanger the privacy of Nametests.com users. A third-party website could potentially exploit the JavaScript file to see whether incoming visitors have a Facebook profile. If they do, the site could collect details of their Facebook profiles, including name, age, date of birth and gender.
De Ceukelaire demonstrated the threat by creating his own website. All app users who visited his site would have not only their Facebook data exposed to it, but also their photos and their friends list.
"It would only take one visit to our site to gain access to somebody's personal information for two months," he writes in his blog. "I imagine you would not want a website to know who you are, let alone steal your information or your photos."
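The article says only that user data sat in a JavaScript file other sites could access. Assuming that file was generated per logged-in user, the added example below (not code from Nametests.com or from De Ceukelaire's post) contrasts that pattern with a hardened endpoint; `legacyHandler`, `hardenedHandler`, `sampleSession` and the header policy are hypothetical names and choices.

```javascript
// Added illustration for a hypothetical quiz service; not Nametests.com code.
// Constructed sample profile for a logged-in user.
const sampleSession = { name: "Alice Example", birthday: "1990-01-01", gender: "f" };

// Weak pattern: per-user data emitted as executable script. Browsers load
// scripts cross-origin with the user's cookies attached, so any page that
// includes this file can read the variables it defines.
function legacyHandler(headers, session) {
  return {
    status: 200,
    headers: { "Content-Type": "application/javascript" },
    body: "var user = " + JSON.stringify(session) + ";",
  };
}

const plain = (status, body) => ({ status, headers: { "Content-Type": "text/plain" }, body });

// Hardened pattern: data-only JSON, refused for cross-site or script loads.
function hardenedHandler(headers, session) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  if (!session) return plain(401, "login required");

  // Fetch Metadata headers are set by the browser and cannot be forged by page script.
  const site = h["sec-fetch-site"];
  if (site !== undefined && site !== "same-origin") return plain(403, "cross-site request");
  if (h["sec-fetch-dest"] === "script") return plain(403, "not loadable as script");

  // Browsers without Fetch Metadata: require a custom header, which a <script>
  // tag cannot send and a cross-origin fetch() cannot add without CORS approval.
  if (site === undefined && h["x-requested-with"] !== "XMLHttpRequest") {
    return plain(403, "missing custom header");
  }
  return {
    status: 200,
    headers: {
      "Content-Type": "application/json; charset=utf-8",
      "X-Content-Type-Options": "nosniff", // JSON is never executed as script
      "Cache-Control": "no-store",
    },
    body: JSON.stringify(session),
  };
}
```
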
The incident was discovered as Facebook still faces a scandal over the Cambridge Analytica personality test application. In that case, the app deliberately exploited Facebook's data practices to collect personal information from individuals for targeting purposes. Up to 87 million users may have been affected.
The data leak involving Nametests.com does not appear to be deliberate. De Ceukelaire speculates that the flaw may have resulted from a "rookie programming error." The data exposure dated back to at least the end of 2016.
De Ceukelaire reported the problem to Facebook in April through the company's new bug bounty program, which was introduced in response to the Cambridge Analytica scandal.
"This is exactly the reason why we launched our bounty program against data abuse in April: to reward people who report potential problems," said Facebook in a public message.
"For security reasons, we have revoked the access tokens for all Facebook users who have registered to use this application."
The developers behind Nametests.com, Social Sweethearts, have stated that there was no evidence that bad actors ever abused the loophole.
However, De Ceukelaire said that the whole incident raises serious questions about how Social Sweethearts manages the data of its users. He also noted that it took Facebook more than two months to complete its investigation and for the flaw to finally be patched. Meanwhile, the Nametests.com quiz applications were still operational.
"I'm glad that Facebook and NameTests have cooperated and solved the problem," he said in his blog. "On the other hand, we cannot accept that information from hundreds of millions of users can easily be disclosed. We can and must do better."
To protect yourself, De Ceukelaire recommends that you remove any application from Facebook that you no longer use.