With regulators continuing their investigations into the Cambridge Analytica scandal, a security researcher has revealed that a personality quiz app dubbed "NameTests" has been exposing the details it had amassed to third-parties online since 2016.
As if that was not bad enough, the data – which included names, date of births, posts, statuses, photos and friend lists – was still being leaked even after users had deleted the app.
The only way to prevent the rogue quiz from serving up the data was for users to manually delete the cookies on their device, according to self-professed "ethical hacker" Inti De Ceukelaire in a blog post.
He explained: “I would imagine you wouldn’t want any website to know who you are, let alone steal your information or photos. Abusing this flaw, advertisers could have targeted (political) ads based on your Facebook posts and friends. More explicit websites could have abused this flaw to blackmail their visitors, threatening to leak your sneaky search history to your friends."
He claims he notified Facebook on April 22 and that by June 25 NameTests had blocked third-party access to user data.