Saturday, June 22, 2024

3 Million Facebook Users Highly Sensitive Data Leaked by Personality App, called myPersonality in Last 4 Years

Sensitive data that collected from Facebook by personality app, called myPersonality Exposed 3 million Facebook users data online that can be accessed by anyone on the Internet.

Few weeks before Cambridge Analytica scandal revealed almost 87 Million Facebook Users Sensitive data has bee revealed before this incident.

Researchers at the University of Cambridge uploaded user data from 3 million Facebook users onto a poorly protected website that contains millions of Facebook users answers to a personality trait test.

Exposed Data was highly sensitive that can reveal the sensitive information of Facebook users that have been collected over 4 Years.

myPersonality App conducted various psychological tests around 3 million Facebook users and it stored the result that has been marked as highly sensitive data.

The researchers who created the app are based at the Psychometrics Centre at the University of Cambridge.

Researchers collected user information with consent through a personality app and then later they made it available to access for other researchers through a Poorly designed web portal.

In this case, more than 6 million people completed the tests on the myPersonality app and nearly half agreed to share data from their Facebook profiles with the project.

According to newscientist, All of this data was then scooped up and the names removed before it was put on a website to share with other researchers.

The terms allow the myPersonality team to use and distribute the data “in an anonymous manner such that the information cannot be traced back to the individual user”.

Peoples have to register as a collaborator to the project to access the full data and more than 280 peoples did this from nearly 150 institutions.

Registered researchers are from universities and at companies like Facebook, Google, Microsoft, and Yahoo.

Personal Information Leaked

Credentials which is available in online to access the app data will provide the “Big Five” personality scores of 3.1 million users.

According to the source, These scores are used in psychology to assess people’s characteristics, such as conscientiousness, agreeableness and neuroticism.

Exposed Credentials allows accessing 22 million status updates from over 150,000 users, alongside details such as age, gender and relationship status from 4.3 million people.

“If at any time a username and password for any files that were supposed to be restricted were made public, it would be a consequential and serious issue,” says Pam Dixon at the World Privacy Forum.

Easily Access the Sensitive Data

The Whole set of data can be accessed by any encluding those who were not entitled to access the data since a working username and password has been available online which can be found bt simple Google search.

“myPersonality wasn’t merely an academic project; researchers from commercial companies were also entitled to access the data so long as they agreed to abide by strict data protection procedures and didn’t directly earn money from it”

According to Researchers, The publicly available username and password were sitting on the code-sharing website GitHub. They had been passed from a university lecturer to some students for a course project on creating a tool for processing Facebook data.

myPersonality specifically used to read the peoples mind by asking a different set of questions that was operating under the company called Cambridge Personality Research, eventually, it can be used to access to a tool for targeting adverts based on personality types, built on the back of the myPersonality data sets.

According to Stillwell,”Cambridge Analytica had approached the myPersonality app team in 2013 to get access to the data, but was turned down because of its political ambitions”.

Facebook suspended myPersonality from its platform on 7 April saying the app may have violated its policies due to the language used in the app and on its website to describe how data is shared, said newscientist.


Latest articles

PrestaShop Website Under Injection Attack Via Facebook Module

A critical vulnerability has been discovered in the "Facebook" module (pkfacebook) from for...

Beware Of Illegal OTT Platforms That Exposes Sensitive Personal Information

A recent rise in data breaches from illegal Chinese OTT platforms exposes that user...

Beware Of Zergeca Botnet with Advanced Scanning & Persistence Features

A new botnet named Zergeca has emerged, showcasing advanced capabilities that set it apart...

Mailcow Mail Server Vulnerability Let Attackers Execute Remote Code

Two critical vulnerabilities (CVE-2024-31204 and CVE-2024-30270) affecting Mailcow versions before 2024-04 allow attackers to...

Hackers Attacking Vaults, Buckets, And Secrets To Steal Data

Hackers target vaults, buckets, and secrets to access some of the most classified and...

Hackers Weaponizing Windows Shortcut Files for Phishing

LNK files, a shortcut file type in Windows OS, provide easy access to programs,...

New Highly Evasive SquidLoader Attacking Employees Mimic As Word Document

Researchers discovered a new malware loader named SquidLoader targeting Chinese organizations, which arrives as...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles