Another Facebook app could have potentially exposed the personal information of up to 3 million Facebook users, allowing it to be accessed for up to about 4 years, an investigation has revealed.
In 2018 it was revealed that a Facebook “personality app” named “ThisIsYourDigitalLife” had previously managed to accumulate the information of millions of Facebook users and handed it to a political marketing firm called Cambridge Analytica. Shortly after, another company named Cubeyou was banned from Facebook for essentially doing the same thing. And now there is a third.
The app responsible this time was called myPersonality, and once again it presented itself as a personality app. Facebook users who installed the app were promised that their personal information would be shared anonymously and responsibly, but that doesn’t appear to have happened.
6 million Facebook users installed the app and took the test, and half of those users also gave the app permission to scrape information from their Facebook profiles. That information was then “anonymously” stored on a website by academics at the University of Cambridge.
However, an investigation by New Scientist revealed that not only was the security on that website extremely poor, potentially allowing anyone access, but the information was stored in a way that made deanonymizing it relatively easy.
Academics had also allowed researchers from commercial companies to access the data, provided they didn’t “profit from it directly”.
This means for 3 million Facebook users, not only were their answers to the quiz stored online – answers described as highly sensitive – but this was stored along with their personal information, including gender, age, relationship status and previous Facebook status updates. While Facebook users had their names redacted from the data set, instead replaced by a unique ID number, with this level of information available, tracing the information back to a specific user isn’t difficult.
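An added example, not from the article or the myPersonality project: a pre-release check that counts how many records share each combination of the demographic fields listed above, using the standard k-anonymity measure. The rows and column names are constructed assumptions, and free-text fields such as status updates are not modelled.

```python
from collections import Counter

# Constructed sample records (not real data), shaped like the release the
# article describes: name replaced by an ID, demographic fields kept.
ROWS = [
    {"id": 1, "gender": "F", "age": 34, "relationship": "married"},
    {"id": 2, "gender": "F", "age": 36, "relationship": "married"},
    {"id": 3, "gender": "F", "age": 31, "relationship": "married"},
    {"id": 4, "gender": "M", "age": 22, "relationship": "single"},
    {"id": 5, "gender": "M", "age": 27, "relationship": "single"},
    {"id": 6, "gender": "M", "age": 22, "relationship": "single"},
    {"id": 7, "gender": "F", "age": 45, "relationship": "divorced"},
    {"id": 8, "gender": "M", "age": 29, "relationship": "single"},
]
QUASI_IDENTIFIERS = ("gender", "age", "relationship")  # assumed column names


def _key(row, keys):
    return tuple(row[k] for k in keys)


def k_anonymity(rows, keys=QUASI_IDENTIFIERS):
    """Size of the smallest group sharing the same quasi-identifier values."""
    sizes = Counter(_key(r, keys) for r in rows)
    return min(sizes.values(), default=0)


def singled_out(rows, keys=QUASI_IDENTIFIERS):
    """IDs whose quasi-identifier combination is unique in the data set."""
    sizes = Counter(_key(r, keys) for r in rows)
    return sorted(r["id"] for r in rows if sizes[_key(r, keys)] == 1)


def band_ages(rows, width=10):
    """Generalise exact age into a band such as '30-39'."""
    out = []
    for r in rows:
        low = r["age"] // width * width
        out.append({**r, "age": f"{low}-{low + width - 1}"})
    return out


def suppress_below(rows, k, keys=QUASI_IDENTIFIERS):
    """Drop records whose quasi-identifier group is smaller than k."""
    sizes = Counter(_key(r, keys) for r in rows)
    return [r for r in rows if sizes[_key(r, keys)] >= k]
```

On the sample rows, six of eight IDs are unique on exact age; banding ages leaves one outlier, which only suppression removes.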
Not only was deanonymizing easy, but the password and username credentials for the website that stored the data had been available online for years, on code-sharing website GitHub, which means anyone could have potentially accessed the data.
While “ThisIsYourDigitalLife” and the Cubeyou app intentionally gave information on Facebook users to people who should not have had it, perhaps the most worrying aspect of this third app, “myPersonality”, is the way in which the data it obtained was stored. This means that Facebook users not only need to trust developers not to pass their information on to people they shouldn’t, they also need to trust developers to store that information responsibly.
It’s another startling demonstration of why Facebook users should seriously consider giving up on such “entertaining” Facebook apps from faceless app developers. While app developers may claim to treat your personal information responsibly, that is no guarantee that they will. While Facebook has since tightened up its controls over its developer app platform, leaks such as this are still possible, if not inevitable.
The simple reality is this: if you don’t trust an app to treat your information responsibly, don’t give it access to your Facebook account.
Facebook removed the myPersonality app from their site in April 2018. The UK’s data watchdog, the ICO, has said it is currently investigating.