Another Facebook data leak left the personal information of millions of users exposed online for anyone to access.
First reported by New Scientist, the leak is similar in many ways to the ongoing Cambridge Analytica crisis that saw a political data firm exploit the personal information of 87 million Facebook users. Like that incident, this latest leak involves a third-party personality test app developed by professors at Cambridge University.
The app, MyPersonality, gathered highly sensitive information about users, including their age, gender, status updates, and location, and distributed it on an unsecured website to 280 researchers from 150 institutions, including Microsoft, Facebook, and Google. More than 6 million people completed the test, and around half of them agreed to share data from their profiles. The flood of information was supposed to be anonymized, but responses and results were packaged together using a unique ID, making it easy to backtrack and determine who the data belonged to. If this process was automated, data could quickly be linked to millions of names.
“This type of data is very powerful and there is real potential for misuse,” Chris Sumner of the Online Privacy Foundation told New Scientist.
Researchers had to register as collaborators on the project to access the full data set. However, a backdoor made it easy for any bad actor to steal the information, even those without an academic contract. For four years, the username and password needed to download the data sat open to the public on GitHub. The credentials were reportedly passed from a university lecturer to students for a course project on Facebook data management. It appears one of the students included the login information in a public GitHub repository that could be found with a simple web search. New Scientist confirmed that gaining access to the information was “relatively easy.”
In total, the leak exposed 22 million status updates from 150,000 users, along with the age, gender, relationship status, and personality test details of 4.3 million people.
The app’s creators, David Stillwell and Michal Kosinski, reportedly were involved with a company called Cambridge Personality Research, which sold a tool for ad targeting based on myPersonality data sets.
While the incidents are separate, there are many ties between this latest leak and the one involving Cambridge Analytica. Aleksandr Kogan, the Cambridge University professor who developed the “This is Your Digital Life” app at the heart of the data harvesting scandal, was reportedly involved with MyPersonality until 2014. Facebook suspended the app last month amid a crackdown on third-party apps that violate its privacy rules. Its website has been taken down, and the password and login from GitHub no longer work. Stillwell’s website and Twitter account were also mysteriously deleted.
It’s important to note that unlike Kogan’s, this app did not sell information to researchers or institutions. While researchers from commercial companies could access the data, they were forced to agree to strict data protection policies. Cambridge Analytica, the firm that purchased from Kogan’s app, approached the MyPersonality team for its data but was supposedly turned down.
It’s not clear how many outside parties used the exposed credentials to access the data or what they might have done with it. The Information Commissioner’s Office, the U.K.’s data watchdog group, is investigating the incident.
Facebook announced today that after reviewing “thousands” of apps, it has banned around 200 pending a “thorough investigating” into whether their developers misused user data. The action is just phase one of its Cambridge Analytica cleanup, which could take years.
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.