3 Million Facebook Users Highly Sensitive Data Leaked by Personality App, called myPersonality in Last 4 Years

Sensitive data that collected from Facebook by personality app, called myPersonality Exposed 3 million Facebook users data online that can be accessed by anyone on the Internet.

Few weeks before Cambridge Analytica scandal revealed almost 87 Million Facebook Users Sensitive data has bee revealed before this incident.

Researchers at the University of Cambridge uploaded user data from 3 million Facebook users onto a poorly protected website that contains millions of Facebook users answers to a personality trait test.

Exposed Data was highly sensitive that can reveal the sensitive information of Facebook users that have been collected over 4 Years.

myPersonality App conducted various psychological tests around 3 million Facebook users and it stored the result that has been marked as highly sensitive data.

The researchers who created the app are based at the Psychometrics Centre at the University of Cambridge.

Researchers collected user information with consent through a personality app and then later they made it available to access for other researchers through a Poorly designed web portal.

In this case, more than 6 million people completed the tests on the myPersonality app and nearly half agreed to share data from their Facebook profiles with the project.

According to newscientist, All of this data was then scooped up and the names removed before it was put on a website to share with other researchers.

The terms allow the myPersonality team to use and distribute the data “in an anonymous manner such that the information cannot be traced back to the individual user”.

Peoples have to register as a collaborator to the project to access the full data and more than 280 peoples did this from nearly 150 institutions.

Registered researchers are from universities and at companies like Facebook, Google, Microsoft, and Yahoo.

Personal Information Leaked

Credentials which is available in online to access the app data will provide the “Big Five” personality scores of 3.1 million users.

According to the source, These scores are used in psychology to assess people’s characteristics, such as conscientiousness, agreeableness and neuroticism.

Exposed Credentials allows accessing 22 million status updates from over 150,000 users, alongside details such as age, gender and relationship status from 4.3 million people.

“If at any time a username and password for any files that were supposed to be restricted were made public, it would be a consequential and serious issue,” says Pam Dixon at the World Privacy Forum.

Easily Access the Sensitive Data

The Whole set of data can be accessed by any encluding those who were not entitled to access the data since a working username and password has been available online which can be found bt simple Google search.

“myPersonality wasn’t merely an academic project; researchers from commercial companies were also entitled to access the data so long as they agreed to abide by strict data protection procedures and didn’t directly earn money from it”

According to Researchers, The publicly available username and password were sitting on the code-sharing website GitHub. They had been passed from a university lecturer to some students for a course project on creating a tool for processing Facebook data.

myPersonality specifically used to read the peoples mind by asking a different set of questions that was operating under the company called Cambridge Personality Research, eventually, it can be used to access to a tool for targeting adverts based on personality types, built on the back of the myPersonality data sets.

According to Stillwell,”Cambridge Analytica had approached the myPersonality app team in 2013 to get access to the data, but was turned down because of its political ambitions”.

Facebook suspended myPersonality from its platform on 7 April saying the app may have violated its policies due to the language used in the app and on its website to describe how data is shared, said newscientist.

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS devices.…

15 hours ago

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch Experts…

2 days ago

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan exploits…

3 days ago

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on organizations…

3 days ago

Google Chrome Security, Critical Vulnerabilities Patched

Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to millions…

3 days ago

Notorious WrnRAT Delivered Mimic As Gambling Games

WrnRAT is a new malware attack that cybercriminals have deployed by using popular gambling games…

3 days ago