Latest in Security

Image credit: Stephen Lam / Reuters

Researchers may have exposed Facebook quiz data on 3 million users

Pretty much anyone could access a website storing responses to a personality app's questions.
434 Shares
Share
Tweet
Share
Save
Stephen Lam / Reuters

Once again, an app on Facebook has been linked to potential exposure of personal information. Researchers stored responses from a personality application running on the social network on an insecure website, which could have exposed answers from up to 3 million users, according to a New Scientist report. While this isn't as severe as the Cambridge Analytica leak, it's distantly connected. The data was held by academics from the University of Cambridge's Psychometrics Centre -- and the project had previously involved Alexandr Kogan, the researcher embroiled in the Cambridge Analytica scandal.

Half of the six million users who participated in the app, myPersonality, gave permission to share their responses and data. The Psychometrics Centre distributed answers from the personality quiz to hundreds of researchers using an unsecured website, which left those personal and sometimes intimate responses open for four years. But it also included information like age, gender, location and status updates, all of which were tied to a unique ID, which would make it easy to 'de-anonymize' the person. While only academics were given access, a working username and password was reportedly available and easily searchable online for the last four years.

Facebook confirmed to Engadget that it finally suspended the app from the platform on April 7th for passing along user data to others, and may be permanently banned depending on the results of the social network's ongoing investigation. Today's report comes shortly after Facebook released results from is self-audit checking whether the apps running on the platform had misused personal data. The social network ended up suspending 200 applications for doing so, one of which was myPersonality. The social network has pledged to inform affected users, as it had with those exposed to Cambridge Analytica.

From around the web

ear iconeye icontext filevr