Massive New Facebook Breach: Personal Data from Millions of Users Available on Open Web
We’ve all heard by now about the massive leak of the personal data of three million Facebook users and friends when a personality app, myPersonality, was used to extract personal information. The data was then used by Cambridge Analytica as part of their election targeting efforts.
Mark Zuckerberg testified before Congress, apologized for the breach, and blamed it on the app company that shared the data. His solution was to more carefully screen the thousands of other apps; Facebook recently banned 200 of them.
But, like many times before, this was just the tip of the iceberg. We’ve just learned that intimate details about these three million users were freely available on the web for anyone to access for years, according to a New Scientist investigation.
According to New Scientist, “Academics at the University of Cambridge distributed the data from the personality quiz app myPersonality to hundreds of researchers via a website with insufficient security provisions, which led to it being left vulnerable to access for four years. Gaining access illicitly was relatively easy.”
According to the report, the intent was to make all of the data available to those who registered as a collaborator on the project. More than 280 people from nearly 150 institutions registered, including researchers at universities and employees from Facebook, Google, Microsoft, and Yahoo.