With regulators continuing their investigations into the Cambridge Analytica scandal, a security researcher has revealed that a personality quiz app dubbed "NameTests" has been exposing the details it had amassed to third-parties online since 2016.
As if that was not bad enough, the data – which included names, date of births, posts, statuses, photos and friend lists – was still being leaked even after users had deleted the app.
The only way to prevent the rogue quiz from serving up the data was for users to manually delete the cookies on their device, according to self-professed "ethical hacker" Inti De Ceukelaire in a blog post.
He explained: “I would imagine you wouldn’t want any website to know who you are, let alone steal your information or photos. Abusing this flaw, advertisers could have targeted (political) ads based on your Facebook posts and friends. More explicit websites could have abused this flaw to blackmail their visitors, threatening to leak your sneaky search history to your friends."
De Ceukelaire claims the NameTests app was displaying the quiz taker's information in a javascript file, essentially exposing their data to any external website they then visited.
He claims he notified Facebook on April 22 and that by June 25 NameTests had blocked third-party access to user data.
Thank you for your input
Thank you for your feedback
DataIQ is a trading name of IQ Data Group Limited
10 York Road, London, SE1 7ND
Phone: +44 020 3821 5665
Registered in England: 9900834
Copyright © IQ Data Group Limited 2024