Data of 3 Million Users Exposed in Latest Facebook Breach
A quiz app called “myPersonality” may have endangered the personal information of three million Facebook users, according to a report from New Scientist.
The app asked users a variety of questions to determine their characteristics, such as neuroticism or agreeableness. While the results were supposed to be anonymous, New Scientist reported the information, which had been compiled by researchers at the University of Cambridge, was not properly anonymized. Additionally, the data was shared with hundreds of researchers via a website with “insufficient security precautions.”
To gain access to the information, users needed to register with the site, and companies such as Facebook, Google, Microsoft and Yahoo all registered. However, New Scientist reports a username and password was available on a code-sharing website called GitHub, and the information could be discovered from a simple web search. Anyone who could find this login information could access the site.
Facebook suspended myPersonality in April as a part of its post-Cambridge Analytica scandal audit. This week, the company reported an estimated 200 apps have been suspended as a result of its investigation.
The credentials available on GitHub no longer work, and the myPersonality website has been taken down.