Tuesday, February 11, 2025
HomeComputer Security3 Million Facebook Users Highly Sensitive Data Leaked by Personality App, called...

3 Million Facebook Users Highly Sensitive Data Leaked by Personality App, called myPersonality in Last 4 Years

Published on

SIEM as a Service

Follow Us on Google News

Sensitive data that collected from Facebook by personality app, called myPersonality Exposed 3 million Facebook users data online that can be accessed by anyone on the Internet.

Few weeks before Cambridge Analytica scandal revealed almost 87 Million Facebook Users Sensitive data has bee revealed before this incident.

Researchers at the University of Cambridge uploaded user data from 3 million Facebook users onto a poorly protected website that contains millions of Facebook users answers to a personality trait test.

Exposed Data was highly sensitive that can reveal the sensitive information of Facebook users that have been collected over 4 Years.

myPersonality App conducted various psychological tests around 3 million Facebook users and it stored the result that has been marked as highly sensitive data.

The researchers who created the app are based at the Psychometrics Centre at the University of Cambridge.

Researchers collected user information with consent through a personality app and then later they made it available to access for other researchers through a Poorly designed web portal.

In this case, more than 6 million people completed the tests on the myPersonality app and nearly half agreed to share data from their Facebook profiles with the project.

According to newscientist, All of this data was then scooped up and the names removed before it was put on a website to share with other researchers.

The terms allow the myPersonality team to use and distribute the data “in an anonymous manner such that the information cannot be traced back to the individual user”.

Peoples have to register as a collaborator to the project to access the full data and more than 280 peoples did this from nearly 150 institutions.

Registered researchers are from universities and at companies like Facebook, Google, Microsoft, and Yahoo.

Personal Information Leaked

Credentials which is available in online to access the app data will provide the “Big Five” personality scores of 3.1 million users.

According to the source, These scores are used in psychology to assess people’s characteristics, such as conscientiousness, agreeableness and neuroticism.

Exposed Credentials allows accessing 22 million status updates from over 150,000 users, alongside details such as age, gender and relationship status from 4.3 million people.

“If at any time a username and password for any files that were supposed to be restricted were made public, it would be a consequential and serious issue,” says Pam Dixon at the World Privacy Forum.

Easily Access the Sensitive Data

The Whole set of data can be accessed by any encluding those who were not entitled to access the data since a working username and password has been available online which can be found bt simple Google search.

“myPersonality wasn’t merely an academic project; researchers from commercial companies were also entitled to access the data so long as they agreed to abide by strict data protection procedures and didn’t directly earn money from it”

According to Researchers, The publicly available username and password were sitting on the code-sharing website GitHub. They had been passed from a university lecturer to some students for a course project on creating a tool for processing Facebook data.

myPersonality specifically used to read the peoples mind by asking a different set of questions that was operating under the company called Cambridge Personality Research, eventually, it can be used to access to a tool for targeting adverts based on personality types, built on the back of the myPersonality data sets.

According to Stillwell,”Cambridge Analytica had approached the myPersonality app team in 2013 to get access to the data, but was turned down because of its political ambitions”.

Facebook suspended myPersonality from its platform on 7 April saying the app may have violated its policies due to the language used in the app and on its website to describe how data is shared, said newscientist.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

FinStealer Malware Targets Leading Indian Bank’s Mobile Users, Stealing Login Credentials

A new cybersecurity threat has emerged, targeting customers of a prominent Indian bank through...

Evil Crow RF Tool Transforms Smartphones into Powerful RF Hacking Devices

Innovative tools are continually appearing to enhance the capabilities of professionals and enthusiasts alike.One...

Massive Facebook Phishing Attack Targets Hundreds of Companies for Credential Theft

A newly discovered phishing campaign targeting Facebook users has been identified by researchers at...

Researchers Found North Korean Hackers Advanced Tactics, techniques, and procedures

Recent research has highlighted the increasingly sophisticated tactics, techniques, and procedures (TTPs) employed by...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

OpenAI Data Breach – Threat Actor Allegedly Claims 20 Million Logins for Sale

Threat actors from dark web forums claim to have stolen and leaked 20 million...

New FUD Malware Targets MacOS, Evading Antivirus and Security Tools

A new strain of Fully Undetectable (FUD) macOS malware, dubbed "Tiny FUD," has emerged,...

Globe Life Ransomware Attack Exposes Personal and Health Data of 850,000+ Users

Globe Life Inc., a prominent insurance provider, has confirmed a major data breach that...