After the famous Cambridge Analytica scandal, Facebook has again made the headlines after it was discovered that a popular quiz app called NameTests has been exposing its users’ private data for years.
The company has been found to have exposed the personal information of as many as 120 million Facebook users.
NameTests is run by a German app maker named Social Sweethearts, which created popular social quizzes like “Which Disney Princess Are You?” and distributed them on Facebook. As with any Facebook app, users had to sign up on the NameTests website, and while they did so the app asked for permission to fetch some necessary information from the user’s Facebook profile.
However, the researcher noticed that the website was leaking logged-in users’ details to other websites opened in the same browser.
How did the leak happen?
The NameTests website had a severe vulnerability that made it possible for other websites to access users’ information.
The researcher reported the flaw through Facebook’s Data Abuse Bounty Program (which was launched in April) on April 22. After 2 months, Facebook informed the researcher that they had fixed the issue and also donated $8,000 to the Freedom of the Press Foundation as part of its Data Abuse Bounty Program.
Comments from Ankush Johar, Director at Infosec Ventures – an organisation that provides complete infrastructure security solutions for commercial and government clients of all sizes
This is not the first time that a third-party app has leaked users’ private data. Apart from the already declared and patched privacy controls, there isn’t much Facebook can do with such an incident as it’s the quiz website that has failed to store PII insecurely.
Data is the new oil; it’s the most valued resource on the globe, and Facebook lost a lot of it, but the best way to find such leaks is via crowdsourcing, and this bug bounty program by Facebook is proof. As for users, if a quiz app needs your friend list and liked pages, definitely one should be reluctant. One thing that a user must realise is that one’s security is in their own hands and they have to THINK BEFORE THEY CLICK!
Copyright © 2014 - 2022 The Global Indian New Network (TGINN)