Latest in Gear

Image credit: Inti De Ceukelaire

Facebook quiz app maker exposed data on over 120 million users

Yet another shoddy app on the social network.
416 Shares
Share
Tweet
Share
Save

Sponsored Links

Inti De Ceukelaire

While Facebook tries to close the book on its Cambridge Analytica scandal, it's still dealing with many more. The FTC is conducting a non-public probe into the company's behavior around privacy data, the EU's stricter laws are making it hard for the company and they keep finding more apps that may have misused your data. Case in point: security researcher Inti De Ceukelaire has found that a quiz app from NameTests.com has been exposing user data for more than a year.

In a Medium post, De Ceukelaire notes that the javascript could potentially leak your Facebook ID, your first and last name and the language you speak, along with your gender, date fo birth, profile picture, cover photo, currency, the devices you use, the last update of your information, posts and statuses and your photos and friends. He also reports that this data had been publicly exposed since at least the latter part of 2016.

The researcher set up a website that would request information from the javascript that NameTests.com stored all the data it pulled from people who took quizzes like "Which Disney Princess Are You?" He found that it only took one visit to get access to someone's personal information for up to two months. He also provided video proof of the process, as embedded below. De Ceukelaire reported the issue to Facebook's Data Abuse program in April. NameTests.com apparently fixed the problem a few days ago, on June 25th. On the 27th, Facebook awarded him a $4,000 bug bounty, which was doubled when he donated it to charity, and wrote a post on its Bug Bounty page: "We appreciate Inti's work to identify this issue and Social Sweethearts' quick action to fix it on their site. This is exactly why we launched our Data Abuse Bounty Program in April: to reward people for reporting potential problems."

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
416 Shares
Share
Tweet
Share
Save

Popular on Engadget

The best consoles, games and accessories for students

The best consoles, games and accessories for students

View
Ask Engadget: What are the best outdoor navigation apps?

Ask Engadget: What are the best outdoor navigation apps?

View
Lamborghini teaser hints at a hybrid 'hypercar'

Lamborghini teaser hints at a hybrid 'hypercar'

View
Ewan McGregor will play Obi-Wan Kenobi again in a new 'Star Wars' show

Ewan McGregor will play Obi-Wan Kenobi again in a new 'Star Wars' show

View
Watch the first trailer for Disney's 'The Mandalorian'

Watch the first trailer for Disney's 'The Mandalorian'

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr