Intimate details of FB users are exposed from the quiz app myPersonality
According to the latest news, Facebook has encountered another major data breach. Answers to personality questionnaires were left accessible to anyone for almost four years. Researchers claim that the personality quiz app used to gather the information was called myPersonality.
Once the confidential data was collected, insufficient measures were taken to protect it when it was distributed to the researchers. Academics at the University of Cambridge left the details vulnerable and relatively easy for anyone to access for almost four years.
Experts say that the data was highly sensitive and included results of psychological tests. Chris Sumner from the Online Privacy Foundation reports the following:
This type of data is very powerful and there is real potential for misuse, <…>
Even though Facebook suspended the app on April 7, more than 6 million people had completed the tests on myPersonality and provided sensitive information about their private lives. Moreover, almost half of them agreed to share the data with the researchers, and now it is exposed.
Information on how to access Facebook users' private data was uploaded to GitHub
Those who didn't have legal access to the sensitive data could have found a way in with a single search, because a valid username and password had been available on GitHub, the web-based hosting service, for four years. With those credentials, anyone could easily download the files in several minutes.
This happened because a lecturer at the university provided the login details to students so that they could create a tool for processing Facebook data. GitHub is usually used to share work and allow others to partially reuse it, and the students uploaded their work there. Unfortunately, they included the valid login and password as well.
Exposed data contained highly sensitive information about FB users
According to the researchers, the information included psychology test results of 3.1 million Facebook users. This data is used to evaluate people's characteristics and understand whether they are agreeable, neurotic, conscientious, etc.
Moreover, certain people could access around 22 million status updates from more than 150 thousand users. The details also included the gender, age and relationship status of almost 4.3 million people.
Pam Dixon, from the World Privacy Forum, emphasizes the following:
If at any time a username and password for any files that were supposed to be restricted were made public, it would be a consequential and serious issue <…> Not only is it a bad security practice, it is a profound ethical violation to allow strangers to access files.