Facebook Quiz app

A famous Facebook Quiz app NameTests spotted exposing the user data publically, the app exposed more than 120 million user personal data that could be accessible by another website.

White hat hacker Inti De Ceukelaire identified the Facebook Quiz app “Which Disney Princess Are You?” powered by NameTests that fetches the user information and display it publically on the webpage.

Data Exposed – Facebook Quiz app

According to Facebook insights, NameTests has more than 120 million active users per month. The app collects the following information form the user such as facebook id, first_name, last_name, age, birthdate, gender, photos, posts and friends details.

The collected information wrapped with a javascript that can be shared with any third party apps if they request the data.

Ceukelaire setup a website to show how easily one can steal the personal data collected by the app. He also published a video to show how someone would get personal information of two months with a single visit.

Also, the app reveals your identity even after removing it, users need to delete the cookie’s from the device to get away from the app.

Data Abuse Bounty Program

Ceukelaire reported the issue to Facebook as a precaution measure “Facebook revoked access token to everyone signed to use the affected app”. Later they worked with the app developer Nametests app developer and the issue was fixed now.

Nametests said that there is no evidence of data abuse by a third party according to their logs. Facebook Launches Data Abuse Bounty Program in April, that rewards researchers who report the abuse of data by app developers.

Data Abuse Bounty report results in fixed third-party bug We wanted to call out a fix by nametests.com that happened…

Facebook Bug Bountyさんの投稿 2018年6月28日木曜日

Facebook doubled the $4,000 data abuse bounty as Ceukelaire informed Facebook to donate it to charity.

Facebook was in serious controversies after Cambridge Analytica scandal that affects 87 Million Facebook users, from US, UK, Indonesia, Philippines and other countries.

Security Measures of Cambridge Analytica

The Cambridge Analytica data-gathering scandal is mainly due to permissions abused by the developers that associated with the Facebook Login feature. 87 Million Facebook Users Affected by the Cambridge Analytica Data Scandal.

After this incident, Facebook has made some import decision and changes in Facebook products Such as Events API, Groups API, Pages API, Facebook Login, and other Functions.

Mozilla launched a new Firefox add-on dubbed Facebook container that makes tracking harder by isolating your Facebook identity from the rest of web activities.

Also Read

25,936 Malicious Apps Use Facebook APIs to Obtain a Range of Information

Facebook Launches Data Abuse Bounty Program With rewards Up to $40,000

87 Million Facebook Users Affected by the Cambridge Analytica Data Breach: New Report