A Facebook quiz app that can tell you which Disney Princess you are has also lost the personal information of its 120 million users.
"I was shocked to discover that this data was publicly accessible to any third party," said Belgian security researcher Inti De Ceukelaire. Who discovered the data leak?
"It would only take one visit to our website to get up to two months' access to someone's personal information," he wrote in his blog post. "I imagine you do not want any website to know who you are, let alone steal your information or photos."
The incident was discovered when Facebook was still faced with the Cambridge Analytica scandal personality test app. In this case, the app deliberately uses the data practices of Facebook to collect personal information from people for political purposes. Up to 87 million users could have been affected.
The data leak from Nametest.com does not seem to be intended. De Ceukelaire speculates that the error may be due to a "beginner programming error". Nonetheless, data exposure has been in progress since at least the end of 2016.
De Ceukelaire reported on Facebook in April about the company's new bug bounty program, which was introduced in response to the Cambridge Analytica scandal. 196590000] " That's why we launched our Data Misuse Bounty Program in April to reward people for reporting potential issues," said Facebook in a public post about the bug the company helped fix ,
"To be on the safe side, we have blocked the access tokens for all Facebook users who have signed up to use this app users re-authorize the app in order
The developers behind Namentests.com, Social Sweethearts, said there is no evidence that bad actors ever misused the mistake.  However, De Ceukelaire said that Whole incident raises serious questions about how Social Sweethear ts handled his users' data, and found that it took over two months for Facebook to finish its investigation and then fix the bug, during which time the quiz apps were from Nametests .com still working.
"I'm glad that both Facebook and NameTests cooperated and solved the problem," he said in his blog post. "On the other We can not accept that information could have been leaked by hundreds of millions of users so easily. We can and must do better. "
To protect himself, De Ceukelaire recommends deleting all apps Facebook you no longer use.