Facebook has just patched up another data leak, but the fix may come too late. And it's not related to the Cambridge Analytica breach at all.
Digital expert Inti De Ceukelaire has exposed a Facebook app called Nametests.com in a blog post on Medium. The app hosts personality quizzes (a la “Which Disney Princess Are You?”), but when De Ceukelaire took one, he noticed the app had gathered all the information on his page—and that the data was easily accessed by third-party websites.
What this means to users
Deleting the app didn’t erase your data from it, either. To do that, a user would have had to manually delete their cookies. He continued:
“If you ever took a quiz and removed the app afterwards, external websites would still be able to read your Facebook ID, first name, last name, language, gender, date of birth. You would have only prevented this from happening if you manually deleted your cookies, as the website does not offer a logout functionality.”
According to De Ceukelaire, he noticed the flaw was fixed on June 25, 2018, though the flaw has existed reportedly since the end of 2016. As of now, there is no evidence to support Nametests abusing this chink in the armor (and De Ceukelaire admits in his post that “it could have been a rookie programming mistake”). Even if it is a mistake, it is too serious a breach in privacy to be written off and slapped with a “try again next time.”
Facebook made this post regarding the breach: