Ethical hacker and bug bounty hunter Inti De Ceukelaire disclosed Thursday that Nametests.com's third-party quiz application exposes the data of 120 million Facebook users to the risk of disclosure. This confirms the skepticism of many experts: Cambridge Analytica is only the tip of the iceberg.
De Ceukelaire found that once a user registers for any quiz application on Nametests.com, their personal data on Facebook will be leaked. The data includes name, date of birth, marital status, friends list, pictures, and so on. Even if the user deletes these applications, the data will still be leaked.
De Ceukelaire, who posted the issue on YouTube, said in his blog that he was shocked by Nametests.com's mining of users' Facebook information. He warned: "Under normal circumstances, other websites should not be able to access this information."
De Ceukelaire stated that he reported this issue to Facebook on April 22, and it was not until 8 days later that Facebook responded that it was investigating. On May 14, he checked whether Facebook had contacted the developers of NameTest; 8 days later, Facebook responded only that it might take 3 to 6 months to investigate. De Ceukelaire noted on June 25 that Nametests.com had fixed the vulnerability. After he contacted Facebook, the company acknowledged that the vulnerability had been fixed and agreed to donate $8,000 to the Freedom of the Press Foundation as part of the reward package.
Previously, the media reported in detail that a company named GSR used the "thisisyourdigitallife" quiz to mine Facebook user data. GSR provided the collected data to Cambridge Analytica. During the 2016 presidential election, Cambridge Analytica provided detailed US voter data to the Trump campaign and targeted those voters with advertising on the Facebook platform. Facebook Chief Technology Officer Mike Schroepfer later confirmed that the data breach involved 87 million Facebook users, mainly American users.
Giovanni Buttarelli, the highest official of the European Union's data protection agency, previously warned that Facebook and Cambridge Analytica are just "the tip of the iceberg" when it comes to scandals involving the disclosure of personal data. The European head of data protection expects that the data and personal information of more than 87 million Facebook users will prove to have been captured by Cambridge Analytica for targeted political advertising, and that more violations will surface.
Facebook said in May this year that its review aimed at removing third-party applications that may abuse Facebook users' data had been going on for 2 months, and that it had so far temporarily blocked about 200 applications. After the Cambridge Analytica scandal was exposed, Facebook also blocked many new applications from joining the platform. However, at the annual F8 Developer Conference held in May this year, Facebook reopened the application review process.