Facebook Quiz app developer exposed data of 120million users

by Olivia Morelli - - 2018-06-29

Another Facebook scandal regarding Quiz apps and exposed data

Facebook Quiz app exposes data from 120 million people

After the infamous Cambridge Analytica scandal, Facebook is dealing with new problems. According to the latest findings, the popular third-party quiz app, using Facebook as a convenient way for its users to log in, has exposed data from as much as 120 million people.

The company which is responsible for the data breach is called Social Sweethearts, and the website behind this attack is “Which Disney princess are you?” (NameTests(dot)com). The site generates various quizzes for the social media and offers a quick way to sign up to the main website by using Facebook form. Signing up allows NameTests to collect necessary information about the user after he or she gives permission to use this data for their own needs.

However, the popular hacker known as Inti De Ceukelaire found^[1] that this website is leaking its users' details to other websites open on the browser. This way, it can give access to sensitive data for any malicious website. According to Ceukelaire, Facebook information like names, birthdays, photos and friend lists are displayed in a JavaScript file which can be easily obtained by third-party criminals.

It seems that Facebook is aware of this situation. The company says that the recent scandals, no matter that they are only months apart, have made the social giant to handle cybersecurity with extreme caution.

In the meanwhile, Social Sweetener is stating^[2] that there is no evidence regarding personal data leaks:

As the data protection officer of Social Sweethearts, I would like to inform you that the matter has been carefully investigated. The investigation found that there was no evidence that personal data of users was disclosed to unauthorized third parties and all the more that there was no evidence that it had been misused. Nevertheless, data security is taken very seriously at Social Sweethearts and measures are currently being taken to avoid risks in the future.

A vice president of Facebook product partnerships, Ime Archibong, is saying that company handles this situation with Data Abuse Bounty Program.^[3] They worked together with NameTests to resolve these vulnerabilities on the social platform and the website. This might be the first but not the only case with data collecting and exposing via Facebook apps.

After the previous Cambridge Analytica scandal, Facebook said they have reviewed their apps and suspended more than 200 suspicious entries.^[4]

Not the first social media data breach scandal

It is not the first time Facebook is dealing with data breaches. It seems that the most famous one is Cambridge Analytica scandal which involved 87 million users who were affected. At this time, even the CEO of the company, Mark Zuckerberg, admitted their mistake of not recognizing Facebook's responsibilities. At this point, Facebook revealed that they had been collecting data since 2015, and published no alerts to warn their users at the time. People behind Cambridge Analytica stated that more than 50 million people were affected because of the personality test spread on the social network.

In May 2018, Twitter advised more than 300 million of its users to change their account passwords because of the discovered bug. A company stated that there is no information about exposed data. However, they still advised users to change their passwords as a cautionary measure. The team behind the social media platform stated that they had found the bug which had been exposing users' passwords in plain text on its internal network.

In 2017, another social media giant Instagram had a data breach issue. This time, hackers gained access to phone numbers and email addresses involving numerous verified users. A company did not reveal any details on this API flaw,^[5] but people were assured that the bug been patched and security team thoroughly investigated the incident. Of course, Instagram did not reveal the names of the high-profile targets.

Data breaches becoming more frequent

Social media is not the only one that got affected by various bugs and hacker attacks. There are many organizations, businesses, and companies which had been exposed to various system security vulnerabilities in the past year or two. Hackers are smart individuals who are learning from others' mistakes, making these attacks more and more dangerous.

It is vital for individual people and big companies to work on their security from each angle and take serious control when something like this happens. Knowledge and strong cybersecurity team should be a priority for everyone, mainly, when there is a repetition of these scandals regarding same companies. It is important not only to patch bugs in time but to rely on reputable software, update everything occasionally and build a secure routine through all branches of the company.

About the author

Olivia Morelli - Ransomware analyst

Olivia Morelli is News Editor at 2-Spyware.com. She covers topics such as computer protection, latest malware trends, software vulnerabilities, data breaches, and more.

Contact Olivia Morelli
About the company Esolutions

References

^ Inti De Ceukelaire. This popular Facebook app publicly exposed your data for years. Medium. Online publishing platform.
^ Natasha Lomas. Yet another massive Facebook fail;Quiz app leaked data on 120M users for years. Tech Crunch. Startup and technology news.
^ Swapna Krishna. Facebook's bounty program offers rewards for reporting data abuse. Engadget. Multilingual technology blog.
^ Chaim Gartenberg. Facebook has suspended around 200 apps so far in data misuse investigation. The verge. American technology news network .
^ Hackers Exploit Instagram API Flaw to Steal Information from Verified Users. Trendmicro. Internet security software.