Wednesday, February 21, 2024

3 Million Facebook Users Highly Sensitive Data Leaked by Personality App, called myPersonality in Last 4 Years

Sensitive data that collected from Facebook by personality app, called myPersonality Exposed 3 million Facebook users data online that can be accessed by anyone on the Internet.

Few weeks before Cambridge Analytica scandal revealed almost 87 Million Facebook Users Sensitive data has bee revealed before this incident.

Researchers at the University of Cambridge uploaded user data from 3 million Facebook users onto a poorly protected website that contains millions of Facebook users answers to a personality trait test.

Exposed Data was highly sensitive that can reveal the sensitive information of Facebook users that have been collected over 4 Years.

myPersonality App conducted various psychological tests around 3 million Facebook users and it stored the result that has been marked as highly sensitive data.

The researchers who created the app are based at the Psychometrics Centre at the University of Cambridge.

Researchers collected user information with consent through a personality app and then later they made it available to access for other researchers through a Poorly designed web portal.

In this case, more than 6 million people completed the tests on the myPersonality app and nearly half agreed to share data from their Facebook profiles with the project.

According to newscientist, All of this data was then scooped up and the names removed before it was put on a website to share with other researchers.

The terms allow the myPersonality team to use and distribute the data “in an anonymous manner such that the information cannot be traced back to the individual user”.

Peoples have to register as a collaborator to the project to access the full data and more than 280 peoples did this from nearly 150 institutions.

Registered researchers are from universities and at companies like Facebook, Google, Microsoft, and Yahoo.

Personal Information Leaked

Credentials which is available in online to access the app data will provide the “Big Five” personality scores of 3.1 million users.

According to the source, These scores are used in psychology to assess people’s characteristics, such as conscientiousness, agreeableness and neuroticism.

Exposed Credentials allows accessing 22 million status updates from over 150,000 users, alongside details such as age, gender and relationship status from 4.3 million people.

“If at any time a username and password for any files that were supposed to be restricted were made public, it would be a consequential and serious issue,” says Pam Dixon at the World Privacy Forum.

Easily Access the Sensitive Data

The Whole set of data can be accessed by any encluding those who were not entitled to access the data since a working username and password has been available online which can be found bt simple Google search.

“myPersonality wasn’t merely an academic project; researchers from commercial companies were also entitled to access the data so long as they agreed to abide by strict data protection procedures and didn’t directly earn money from it”

According to Researchers, The publicly available username and password were sitting on the code-sharing website GitHub. They had been passed from a university lecturer to some students for a course project on creating a tool for processing Facebook data.

myPersonality specifically used to read the peoples mind by asking a different set of questions that was operating under the company called Cambridge Personality Research, eventually, it can be used to access to a tool for targeting adverts based on personality types, built on the back of the myPersonality data sets.

According to Stillwell,”Cambridge Analytica had approached the myPersonality app team in 2013 to get access to the data, but was turned down because of its political ambitions”.

Facebook suspended myPersonality from its platform on 7 April saying the app may have violated its policies due to the language used in the app and on its website to describe how data is shared, said newscientist.


Latest articles

Beware of VietCredCare Malware that Steals businesses’ Facebook Accounts

A new cybersecurity threat targeting Facebook advertisers in Vietnam, known as VietCredCare, has emerged....

Google Chrome 122 Update Addresses Critical Security Vulnerabilities

Google has recently unveiled Chrome 122, a significant milestone for the widely used web...

New Malicious PyPI Packages Use DLL Sideloading In A Supply Chain Attack

Researchers have discovered that threat actors have been using open-source platforms and codes for...

New Mingo Malware Attacking Linux Redis Servers To Mine Cryptocurrency

The malware, termed Migo by the creators, attempts to infiltrate Redis servers to mine cryptocurrency on...

Security Onion 2.4.50 Released for Defenders With New Features

Security Onion Solutions has recently rolled out the latest version of its network security...

VMware Urges to Remove Enhanced EAP Plugin to Stop Auth & Session Hijack Attacks

VMware has issued an urgent advisory to administrators to remove a deprecated authentication plugin...

LockBit Ransomware Members Charged by Authorities, Free Decryptor Released

In a significant blow to one of the most prolific ransomware operations, authorities from...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Live Account Takeover Attack Simulation

Live Account Take Over Attack

Live Webinar on How do hackers bypass 2FA ,Detecting ATO attacks, A demo of credential stuffing, brute force and session jacking-based ATO attacks, Identifying attacks with behaviour-based analysis and Building custom protection for applications and APIs.

Related Articles