Facebook Quiz App Exposes the Data of 120 Million Users

Are you really surprised at this point?

Facebook’s been in hot water over this stuff for a while. Back in March, it all began with Cambridge Analytica purchasing user data from the professor running the quiz app thisisyourdigitallife. And the hits just keep on coming, because an ethical hacker by the name of Inti De Ceukelaire has exposed a data leak in the quiz site NameTests, in what’s being called the NameTests security flaw.

On Wednesday last week, he detailed exactly how the whole thing works:

In the light of the Cambridge Analytica scandal, Facebook tried to clean up its act by launching their data abuse bounty program. Being a participant in their Bug Bounty Program, I got triggered and decided to give it a shot. I scrolled through my timeline and noted down all apps my friends were using. Fitness trackers and Facebook Quizzes topped my list. The latter have been heavily criticised for their massive data harvesting and data-greedy permissions, so for the first time in my life, I took a Facebook Quiz.

Upon closer investigation, I noticed something strange.

While loading a test, the website would fetch my personal information and display it on the webpage. Here’s where it got my personal information from:

http://nametests.com/appconfig_user

That JavaScript file was accessible to anyone who knew it was there. And it contains a fair amount of info: your name, photos, date of birth, friends, and so on. Any website could include it and obtain a token granting access to that data for up to 2 months. De Ceukelaire gives an example of a shady site that a user who has taken the quiz visits:

I would imagine you wouldn’t want any website to know who you are, let alone steal your information or photos. Abusing this flaw, advertisers could have targeted (political) ads based on your Facebook posts and friends. More explicit websites could have abused this flaw to blackmail their visitors, threatening to leak your sneaky search history to your friends.

De Ceukelaire submitted the issue to Facebook’s bounty program, but they were incredibly slow to respond. What’s more, they framed the whole thing as a voluntary announcement, when they’d actually been made aware of the issue for some time. Needless to say, while De Ceukelaire goes into far more depth on the Medium post linked above, he did detail some steps you can take to protect your data:

  • Delete apps you’re not using
  • Be careful about granting apps access to your data
  • Delete your cookies on the reg

Oh, and my suggestion:

  • Don’t use those stupid Facebook quiz apps in the first place

Source: Gizmodo

About Author

B. Simmons

Based out of Glendale, California, Bryan is GAMbIT's resident gaming contributor. Specializing in PC and portable gaming, you can find Bryan on his 3DS playing Monster Hunter or at one of the various conventions throughout the state.