A flaw on a third-party application exposed the data of 120 million Facebook users.
Be wary of quiz applications on social networks. Even if they look harmless, they can sometimes collect impressive amounts of data. As a reminder, it is through a personality test that a developer was able to collect personal data on tens of millions of people, in order to pass them on to the company Cambridge Analytica.
Recently, another quiz application was associated with a flaw that exposed the 120 million data of Facebook users. It was Inti De Ceukelaire, a computer security specialist, who found this bug.
In a blog post, he writes: "Nametsts.com, the site that is behind the quizzes, recently repaired a flaw that publicly exposed the information of its more than 120 million active users per month, even after deleting the application".
"Have you ever had a personality test on Facebook? For years, anyone could have access to your private information, friends, messages and photos, "he also warns.
For his part, Facebook confirms that after reporting this fault by Ceukelaire, he worked with the developer of Nametests to repair the flaw. Facebook has also revoked all application access to user data. To continue using the app, they will need to reconnect their Facebook accounts.
Facebook rewards those who report flaws and abuses
The flaw was reported as part of Facebook's Bounty Bug program for data. Launched after the Cambridge Analytica scandal, this program rewards people who report abuse of personal data to Facebook.
We appreciate the work of Inti to identify this problem and the rapid action of Social sweethearts (Editor's note, the developer of Nametest) to correct it on their site. This is exactly why we launched our Bounty Data abuse program in April: to reward people who report potential problems, writes Facebook.
Since the outbreak of the Cambridge Analytica scandal, Facebook has shown itself to be more transparent and scans applications that use user data through its platform. And it is possible that these new efforts reveal other leaks or abuses of data.