
Quiz app on Facebook accidentally exposes data from 120M users | News and opinion



A Facebook quiz app that can tell you which Disney Princess you are has also leaked the personal information of its 120 million users.

Nametests.com's quiz app evidently stored its users' personal information in a rather careless way: the data was served through a public JavaScript file that could theoretically be accessed by other websites.

"I was shocked to discover that this data was publicly accessible to any third party," said Belgian security researcher Inti De Ceukelaire, who discovered the data leak.

On Wednesday he published a blog post describing how the JavaScript file could compromise the privacy of Nametests.com users. A third-party website might be able to exploit the JavaScript file to see whether inbound visitors have a Facebook profile. If they do, the site may collect details of their Facebook profiles, including name, age, date of birth, and gender.

De Ceukelaire demonstrated the threat by creating his own website that can retrieve data from the quiz app's JavaScript file. For any user of the quiz app who visited his website, it could retrieve not only their Facebook data, but also their photos and friends list.
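The exposure described above, per-user data served as a JavaScript file that other sites can load, can be contrasted with a hardened handler. This is an added example, not code from Nametests.com, Facebook or De Ceukelaire's post; the function names, field names and the `var user = ...` response shape are assumptions, since the article does not show the file.

```javascript
// Constructed session record; field names are assumptions, not the app's schema.
const sampleSession = { name: "Alice Example", gender: "female", birthday: "1990-01-01" };

// Weak pattern: per-user data emitted as executable script. The browser attaches
// the visitor's cookies to script loads, and the same-origin policy does not
// prevent another origin from including a script, so the data is readable there.
function weakUserData(session) {
  return {
    status: 200,
    headers: { "Content-Type": "application/javascript" },
    body: "var user = " + JSON.stringify(session) + ";",
  };
}

// Hardened pattern: never serve user data as script, reject script-style and
// cross-site loads using Fetch Metadata request headers, and return plain JSON.
function hardenedUserData(reqHeaders, session) {
  const h = {};
  for (const [k, v] of Object.entries(reqHeaders)) h[k.toLowerCase()] = String(v).toLowerCase();
  const site = h["sec-fetch-site"]; // absent in older browsers
  const dest = h["sec-fetch-dest"];
  const deny = (reason) => ({
    status: 403,
    headers: { "Content-Type": "text/plain", "Cache-Control": "no-store" },
    body: reason,
  });
  if (!session) return { ...deny("not signed in"), status: 401 };
  if (dest === "script") return deny("user data is not a script");
  // Strict policy: only same-origin fetches and direct navigations ("none").
  if (site && site !== "same-origin" && site !== "none") return deny("cross-site request");
  // Reached also when the headers are absent: a bare JSON object is not a
  // usable script, and nosniff tells the browser not to execute it as one.
  return {
    status: 200,
    headers: {
      "Content-Type": "application/json; charset=utf-8",
      "X-Content-Type-Options": "nosniff",
      "Cache-Control": "no-store",
      "Vary": "Sec-Fetch-Site, Sec-Fetch-Dest",
    },
    body: JSON.stringify(session),
  };
}
```
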

"It would only take one visit to our website to get up to two months' access to someone's personal information," he wrote in his blog post. "I imagine you do not want any website to know who you are, let alone steal your information or photos."

The incident was discovered while Facebook was still dealing with the Cambridge Analytica scandal, which involved a personality test app. In that case, the app deliberately used Facebook's data practices to collect personal information from people for political purposes. Up to 87 million users could have been affected.

The data leak from Nametests.com does not appear to have been intentional. De Ceukelaire speculates that the error may be due to a "beginner programming error". Nonetheless, the data exposure has been in progress since at least the end of 2016.

De Ceukelaire reported the issue to Facebook in April through the company's new bug bounty program, which was introduced in response to the Cambridge Analytica scandal. "That's why we launched our Data Misuse Bounty Program in April to reward people for reporting potential issues," said Facebook in a public post about the bug the company helped fix.

"To be on the safe side, we have blocked the access tokens for all Facebook users who have signed up to use this app users re-authorize the app in order

The developers behind Nametests.com, Social Sweethearts, said there is no evidence that bad actors ever misused the mistake. However, De Ceukelaire said that the whole incident raises serious questions about how Social Sweethearts handled its users' data, and found that it took over two months for Facebook to finish its investigation and then fix the bug, during which time the quiz apps from Nametests.com were still working.

"I'm glad that both Facebook and NameTests cooperated and solved the problem," he said in his blog post. "On the other hand, we cannot accept that information could have been leaked by hundreds of millions of users so easily. We can and must do better."

To protect yourself, De Ceukelaire recommends deleting all Facebook apps you no longer use.

