Facebook is guilty of exposing users to a quiz service that leaked personal data from 120 million accounts over years. This was first reported by TechCrunch, that found quiz service site Nametests.com had leaked this data, even after Facebook’s internal audit had deleted the service. The audit was conducted to meet the standards of the European Union’s General Data Privacy Regulation (GDPR), that came into effect from May 25.
NameTests is the service behind popular Facebook quizzes, such as “What Would You Look Like As a Drawing?”, and “What Will You Leave behind You in 2018?”. The vulnerability was reported by hacker Inti de Cekuelaire, who is a member of Facebook’s Bug Bounty Program. Soon after the Cambridge Analytica scandal emerged, Facebook created a data abuse program, that allowed developers like Cekuelaire to detect and report apps and services that consumed user data heavily. Many of these services have supplied data to various political agencies, that have designed campaigns for the 2016 US presidential elections, and maybe polls in India as well.
NameTests claimes in its policy statement, “We work together with various technological partners who, for example, display advertisements on the basis of user data.” In addition, it states that usernames are kept anonymous, in order to maintain privacy. On locating the flaw to Facebook, the social network awarded the bounty amount of $8000, that was donated to the Freedom of the Press Foundation. Similar activities were also spotted by Aleksandr Kogan, a former analyst with Cambridge Analytica, who quoted the social network saying that ‘users should know their data is for sale’. Ongoing investigations into the data leak, known to have affected 87 million users, led to the eventual bankruptcy and shutdown of the political consultancy.