Close-up of a key and padlock lying on a red binary code surface. The lock is unlocked and gives a glowing grid.
(This content is subject to copyright.)
A quiz app on Facebook can tell you which Disney princess you are is also the leakage of the personal information of its 120 million users.
“I was shocked to see that this information will be publicly available to third parties that requested it,” said Inti De Ceukelaire, a Belgian security researcher who discovered the data leak.
More From PCmag
Sony Xperia XZ2 Premium Is July 30 for $999.99
New Instagram Feature Allows You to Add Music to Stories
Offers: 25% Discount On The Segway Scooter, $20 Audible Credit
Kroger Taps Self-driving Cars to Deliver Groceries
“There is just one visit to our website to get access to someone’s personal information for up to two months,” he wrote in his blog post. “I would suggest that you do not want a website to know who you are, let alone to steal your information or photos.”
The incident was discovered when Facebook is still facing some blowback from the Cambridge Analytica scandal, which is in a separate personality testing of the app. In that case, the app intentionally misused Facebook data practices harvest people’s personal information for political ad targeting purposes. As much as 87 million users have been affected.
The leakage of information which Nametest.com does not seem to be deliberate. The Ceukelaire speculates that the error may have arisen from a “rookie programming language.” Nevertheless, the exposure of data has been around since at least the end of 2016.
The Ceukelaire reported the problem to Facebook in April by the new bug bounty ‘ program, which was introduced in response to the Cambridge Analytica scandal.
“This is exactly the reason why we started with our Data Misuse Bounty Program in April: to reward people for reporting of potential issues,” Facebook said in a public post about the error, which the company helped to solve the problem.
“To be on the safe side, we have revoked the access tokens for everyone on Facebook who has signed up to use this app. So people have to re-authorize the app to continue using it,” Facebook added.
The developers behind Nametests.com Social loved ones, said it is also found no evidence that bad actors ever abused the error.
However, The Ceukelaire said the whole incident raises serious questions about how Social Sweethearts is the processing of the data of its users. He also noted that Facebook is more than two months before it is finished with its investigation, and finally restored the error. During that time, the quiz apps out Nametests.com were still up and running.
“I am pleased that both Facebook and NameTests worked and the problem is solved,” he said in his blog post. “On the other hand, we cannot accept that the information of the hundreds of millions of users would be leaked so easily. We can and must do better.”
To protect yourself, The Ceukelaire recommends that you remove apps from Facebook that you no longer use.
This article originally appeared on PCMag.com.