Reports from New Scientist states that the researchers at the University of Cambridge have uploaded user data from 3 million Facebook users onto a shared portal. They locked the data with a unique username and password, but the students later posted their login credentials online which exposed their data to anyone who made a quick web search to look for the username and passwords.
The researchers at the University of Cambridge has distributed the data from the personality quiz app “myPersonality” to millions of people using a website which had weak security provisions. This led the website to be vulnerable in excess for four years. Gaining access to data through the app was really easy.
The data which got exposed was highly sensitive and revealed the personal details of Facebook users like their results of psychological tests. The data was supposed to be stored and shared anonymously but there were no precautions taken to secure it so it got leaked easily. Facebook suspended the myPersonality app since it violated the company’s policies.
More than 6 million people completed the quiz to get their results on myPersonality. More than half of the users agreed to share the data from their Facebook profiles. All of the data was then scooped up and the names of the users were removed before the data was put on the website. The terms allowed the myPersonality team to use and distribute the data “in an anonymous manner such that the information cannot be traced back to the individual user.”
To get access to the complete dataset, people were required to register as a collaborator to the project. More than 280 people from 150 institutions took part in it including the researchers at the companies like Facebook, Google, Microsoft, and Yahoo. Ime Archibong, Vice president of product partnership at Facebook said, “We suspended the myPersonality app almost a month ago because we believe that it may have violated Facebook’s policies, We are currently investigating the app, and if myPersonality refuses to cooperate or fails our audit, we will ban it. There is a lot more work to be done to find all the apps that may have misused people’s Facebook data — and it will take time, we are investing heavily to make sure this investigation is as thorough and timely as possible. We will keep you updated on our progress.”
Facebook has suspended nearly 200 apps and is tracking down more apps which might be misusing the user information. Archibong said in a blog post that the company will further investigate all the apps and Facebook also plans to notify users of how exactly their data was infected if any evidence of abuse is found. The data sets are controlled by David Stillwell and Michal Kosinski at the Psychometrics Center of the University of Cambridge. Alexandar Kogan was also a part of the project, who was involved in Cambridge Analytica scandal. This incident relates to the larger scandal plaguing both Facebook and the researchers affiliated with the University of Cambridge. The political campaign consultancy obtained and misused the data of 87 million users.