Sensitive data that collected from Facebook by personality app, called myPersonality Exposed 3 million Facebook users data online that can be accessed by anyone on the Internet.
Few weeks before Cambridge Analytica scandal revealed almost 87 Million Facebook Users Sensitive data has bee revealed before this incident.
Researchers at the University of Cambridge uploaded user data from 3 million Facebook users onto a poorly protected website that contains millions of Facebook users answers to a personality trait test.
Exposed Data was highly sensitive that can reveal the sensitive information of Facebook users that have been collected over 4 Years.
myPersonality App conducted various psychological tests around 3 million Facebook users and it stored the result that has been marked as highly sensitive data.
The researchers who created the app are based at the Psychometrics Centre at the University of Cambridge.
Researchers collected user information with consent through a personality app and then later they made it available to access for other researchers through a Poorly designed web portal.
In this case, more than 6 million people completed the tests on the myPersonality app and nearly half agreed to share data from their Facebook profiles with the project.
According to newscientist, All of this data was then scooped up and the names removed before it was put on a website to share with other researchers.
The terms allow the myPersonality team to use and distribute the data “in an anonymous manner such that the information cannot be traced back to the individual user”.
Peoples have to register as a collaborator to the project to access the full data and more than 280 peoples did this from nearly 150 institutions.
Registered researchers are from universities and at companies like Facebook, Google, Microsoft, and Yahoo.
Credentials which is available in online to access the app data will provide the “Big Five” personality scores of 3.1 million users.
According to the source, These scores are used in psychology to assess people’s characteristics, such as conscientiousness, agreeableness and neuroticism.
Exposed Credentials allows accessing 22 million status updates from over 150,000 users, alongside details such as age, gender and relationship status from 4.3 million people.
“If at any time a username and password for any files that were supposed to be restricted were made public, it would be a consequential and serious issue,” says Pam Dixon at the World Privacy Forum.
The Whole set of data can be accessed by any encluding those who were not entitled to access the data since a working username and password has been available online which can be found bt simple Google search.
“myPersonality wasn’t merely an academic project; researchers from commercial companies were also entitled to access the data so long as they agreed to abide by strict data protection procedures and didn’t directly earn money from it”
According to Researchers, The publicly available username and password were sitting on the code-sharing website GitHub. They had been passed from a university lecturer to some students for a course project on creating a tool for processing Facebook data.
myPersonality specifically used to read the peoples mind by asking a different set of questions that was operating under the company called Cambridge Personality Research, eventually, it can be used to access to a tool for targeting adverts based on personality types, built on the back of the myPersonality data sets.
According to Stillwell,”Cambridge Analytica had approached the myPersonality app team in 2013 to get access to the data, but was turned down because of its political ambitions”.
Facebook suspended myPersonality from its platform on 7 April saying the app may have violated its policies due to the language used in the app and on its website to describe how data is shared, said newscientist.
Recent research has revealed that a Russian advanced persistent threat (APT) group, tracked as "GruesomeLarch"…
Microsoft's Digital Crimes Unit (DCU) has disrupted a significant phishing-as-a-service (PhaaS) operation run by Egypt-based…
The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in Central…
Earth Kasha, a threat actor linked to APT10, has expanded its targeting scope to India,…
Raspberry Robin, a stealthy malware discovered in 2021, leverages advanced obfuscation techniques to evade detection…
Critical infrastructure, the lifeblood of modern society, is under increasing threat as a new report…