Facebook quiz app maker exposed data on over 120 million users

Yet another shoddy app on the social network.
Rob LeFebvre, @roblef
June 28, 2018

Inti De Ceukelaire

While Facebook tries to close the book on its Cambridge Analytica scandal, it's still dealing with many more. The FTC is conducting a non-public probe into the company's behavior around privacy data, the EU's stricter laws are making things hard for the company, and more apps that may have misused your data keep surfacing. Case in point: security researcher Inti De Ceukelaire has found that a quiz app from NameTests.com has been exposing user data for more than a year.

In a Medium post, De Ceukelaire notes that the JavaScript could potentially leak your Facebook ID, your first and last name and the language you speak, along with your gender, date of birth, profile picture, cover photo, currency, the devices you use, the last update of your information, posts and statuses, and your photos and friends. He also reports that this data had been publicly exposed since at least the latter part of 2016.

The researcher set up a website that would request information from the JavaScript in which NameTests.com stored all the data it pulled from people who took quizzes like "Which Disney Princess Are You?" He found that it only took one visit to get access to someone's personal information for up to two months. He also provided video proof of the process.

De Ceukelaire reported the issue to Facebook's Data Abuse program in April. NameTests.com apparently fixed the problem a few days ago, on June 25th. On the 27th, Facebook awarded him a $4,000 bug bounty, which was doubled when he donated it to charity, and wrote a post on its Bug Bounty page: "We appreciate Inti's work to identify this issue and Social Sweethearts' quick action to fix it on their site. This is exactly why we launched our Data Abuse Bounty Program in April: to reward people for reporting potential problems."
