According to a recent TechCrunch report, a quiz app has been found misusing data of 120 million Facebook users after an ethical hacker found information on the abuse by Nametests.com that develops quizzes, games and apps for Facebook.
The hacker explained that he found out about the leak when he went hunting for data misuse after Facebook announced the data abuse bounty on 10 April, reported TechCrunch.
The quiz app comes under the German company Social Sweethearts that makes quizzes like "Which Disney Character Are You?”
The hacker, Inti De Ceukelaire had informed Facebook about the data leak in April through their own bounty program but still found the app live till about a month later. It took yet another month extra for the vulnerability to be fixed.
Finding that the quizzes were one of the most popular apps among Facebook users, the hacker took a quiz from one nametests.com and found out that the company was handing out data to any third party that requested it.
He outlined the details as to how the quizzes were collecting information like name, birthday, location, age etc.
Nametests was displaying the user's data in a javascript file, potentially exposing the data on Facebook users to any website they happened to visit.
In their statement to TechCrunch, Social Sweethearts denied any misuse of data:
As the data protection officer of Social Sweethearts, I would like to inform you that the matter has been carefully investigated. The investigation found that there was no evidence that personal data of users was disclosed to unauthorised third parties and all the more that there was no evidence that it had been misused. Nevertheless, data security is taken very seriously at Social Sweethearts and measures are currently being taken to avoid risks in the future.Statement
Facebook, on the other hand said that they have taken care of the matter.
A researcher brought the issue with the nametests.com website to our attention through our Data Abuse Bounty Program that we launched in April to encourage reports involving Facebook data. We worked with nametests.com to resolve the vulnerability on their website, which was completed in June.Ime Archibong, VP of Product Partnerships, Facebook
This incident comes after Facebook started conducting audits and bounty programs to hunt down defaulters when it comes to data privacy, after the whole Cambridge Analytica scandal. It has already suspended 200 apps as a result of the audit announced on 21 March. However, their dreary response to this data breach gives us serious doubts if the data security programs are anything but positive PR.
(With inputs from TechCrunch)
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)