- Trump-Russia conspiracy theorists think they’ve found secrets in the Mueller report 10 Months Ago
- Report: YouTube is done competing with Netflix, Amazon 10 Months Ago
- Netflix drama ‘Coisa Mais Linda’ explores Bossa Nova clubs and women’s rights in Brazil Today 8:08 AM
- The best ‘Game of Thrones’ memes to get you pumped for season 8 Today 7:30 AM
- Amazon Echo Show (2nd Gen) vs Google Home Hub: Which is better? Today 7:00 AM
- Solange sings along to Ariana Grande on Instagram Stories—and fans are obsessed Today 6:37 AM
- How to stream the entire ’30 For 30′ series for free Today 6:30 AM
- Swipe This! My happiest Facebook Memories are making me miserable Today 6:30 AM
- Musketeers: Welcome to the global Elon Musk fan network Today 6:00 AM
- Lawsuit alleges YouTube’s unboxing videos are ‘abusive’ ads aimed at kids Sunday 3:48 PM
- Dr. Dre shades Lori Loughlin with Instagram flex about his daughter getting into USC Sunday 3:13 PM
- University of Georgia frat’s racist Snapchat video draws campus outrage Sunday 1:21 PM
- Facing criticism for eating fish, vegan YouTube star Rawvana speaks out Sunday 10:47 AM
- Arnold Schwarzenegger chases mini-pony in new TikTok video Sunday 9:19 AM
- Review: ‘Sekiro: Shadows Die Twice’ is a cut above the rest Sunday 8:00 AM
The incident has several ties to Cambridge Analytica.
Another Facebook data leak left the personal information of millions of users exposed online for anyone to access.
First reported by New Scientist, the leak is similar in many ways to the ongoing Cambridge Analytica crisis that saw a political data firm exploit the personal information of 87 million Facebook users. Like that incident, this latest leak involves a third-party personality test app developed by professors at Cambridge University.
The app, MyPersonality, gathered highly sensitive information about users, including their age, gender, status updates, and location and distributed it on an unsecured website to 280 researchers from 150 institutions including Microsoft, Facebook, and Google. More than 6 million people completed the test and around half of them agreed to share data from their profiles. The flood of information was supposed to be anonymized but responses and results were packaged together using a unique ID, making it easy to backtrack and determine who the data belonged to. If this process was automated, data could quickly be linked to millions of names.
“This type of data is very powerful and there is real potential for misuse,” Chris Sumner at the Online Privacy Foundation, told New Scientist.
Researchers had to register as collaborators to the project to access the full data set. However, a backdoor made it easy for any bad actor to steal the information, even those without an academic contract. For four years, the username and password needed to download the data sat open to the public on Github. The credentials were reportedly passed from a university lecturer to students for a course project on Facebook data management. It appears one of the students included the login information in a public GitHub repository that could be found with a simple web search. New Scientist confirmed gaining access to the information was “relatively easy.”
In total, the leak left 22 million status updates from 150,000 users, along with the age, gender, relationship status, and personality test details of 4.3 million people exposed.
The app’s creators, David Stillwell and Michal Kosinski, reportedly were involved with a company called Cambridge Personality Research, which sold a tool for ad targeting based on myPersonality data sets.
While separate incidents, there are many ties between this latest leak and the incident involving Cambridge Analytica. Aleksandr Kogan, the Cambridge University professor who developed the “This is Your Digital Life” app at the heart of the data harvesting scandal, was reportedly involved with MyPersonality until 2014. Facebook suspended the app last month amid a crackdown on third-party apps that violate its privacy rules. Its website has been taken down and the password and login from Github no longer work. Stillwell’s website and Twitter account were also mysteriously deleted.
It’s important to note that unlike Kogan’s, this app did not sell information to researchers or institutions. While researchers from commercial companies could access the data, they were forced to agree to strict data protection policies. Cambridge Analytica, the firm that purchased from Kogan’s app, approached the MyPersonality team for its data but was supposedly turned down.
It’s not clear how many outside parties used the exposed credentials to access the data or what they might have done with it. The Information Commissioner’s Office, the U.K.’s data watchdog group, is investigating the incident.
Facebook announced today that after reviewing “thousands” of apps, it has banned around 200 pending a “thorough investigating” into whether their developers misused user data. The action is just phase one of its Cambridge Analytica cleanup, which could take years.
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.