The incident has several ties to Cambridge Analytica.
Another Facebook data leak left the personal information of millions of users exposed online for anyone to access.
First reported by New Scientist, the leak is similar in many ways to the ongoing Cambridge Analytica crisis that saw a political data firm exploit the personal information of 87 million Facebook users. Like that incident, this latest leak involves a third-party personality test app developed by professors at Cambridge University.
The app, MyPersonality, gathered highly sensitive information about users, including their age, gender, status updates, and location, and distributed it on an unsecured website to 280 researchers from 150 institutions, including Microsoft, Facebook, and Google. More than 6 million people completed the test and around half of them agreed to share data from their profiles. The flood of information was supposed to be anonymized, but responses and results were packaged together using a unique ID, making it easy to backtrack and determine who the data belonged to. If this process was automated, data could quickly be linked to millions of names.
“This type of data is very powerful and there is real potential for misuse,” Chris Sumner at the Online Privacy Foundation told New Scientist.
Researchers had to register as collaborators on the project to access the full data set. However, a backdoor made it easy for any bad actor to steal the information, even those without an academic contract. For four years, the username and password needed to download the data sat open to the public on GitHub. The credentials were reportedly passed from a university lecturer to students for a course project on Facebook data management. It appears one of the students included the login information in a public GitHub repository that could be found with a simple web search. New Scientist confirmed gaining access to the information was “relatively easy.”
In total, the leak left 22 million status updates from 150,000 users, along with the age, gender, relationship status, and personality test details of 4.3 million people exposed.
The app’s creators, David Stillwell and Michal Kosinski, reportedly were involved with a company called Cambridge Personality Research, which sold a tool for ad targeting based on myPersonality data sets.
While these are separate incidents, there are many ties between this latest leak and the incident involving Cambridge Analytica. Aleksandr Kogan, the Cambridge University professor who developed the “This is Your Digital Life” app at the heart of the data harvesting scandal, was reportedly involved with MyPersonality until 2014. Facebook suspended the app last month amid a crackdown on third-party apps that violate its privacy rules. Its website has been taken down and the password and login from GitHub no longer work. Stillwell’s website and Twitter account were also mysteriously deleted.
It’s important to note that, unlike Kogan’s, this app did not sell information to researchers or institutions. While researchers from commercial companies could access the data, they were forced to agree to strict data protection policies. Cambridge Analytica, the firm that purchased data from Kogan’s app, approached the MyPersonality team for its data but was supposedly turned down.
It’s not clear how many outside parties used the exposed credentials to access the data or what they might have done with it. The Information Commissioner’s Office, the U.K.’s data watchdog group, is investigating the incident.
Facebook announced today that after reviewing “thousands” of apps, it has banned around 200 pending a “thorough investigation” into whether their developers misused user data. The action is just phase one of its Cambridge Analytica cleanup, which could take years.
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.