Another new Facebook scandal has recently surfaced, and this one involves an exposure of highly personal data of its users. According to researchers, a popular myPersonality app that was used to obtain personal data from the platform’s users exposed a lot of this data due to poor security.
A new report issued by the NewScientist claim that the popular Facebook app called myPersonality was used to gather highly personal data from Facebook users. The goal of gathering this data was to implement more precise targeted marketing, which would go in hand with the specific users’ personality type.
The report claims that around 3 million users tried out the app, and have given answers to a rather intimate questionnaire/survey. Not only was the data badly secured, but it also seems to have stayed like that for the course of four years.
According to the report, the data app was used by the University of Cambridge, which distributed it among a large number of researchers. The distribution of this sensitive information went via the very unsecured site, which left the data almost completely publicly accessible for years. This has certainly made it much easier for hackers and other types of cybercriminals to access it, and gain sensitive info about the Facebook users.
The content of the data itself included various answers to psychological answers that were asked with the goal of determining the users’ personality type. The information acquired via the app was supposed to be carefully stored and shared in secret among the chosen few research groups. Instead, due to poor protection, it was possible for nearly any individual to access it and deanonymize the app’s users.
The use of such data has become one of the easiest and most profitable ways of making money online. Despite the highly confidential nature of the info, it was still shared casually among the researchers, with no one bothering to properly anonymize it.
Online Privacy Foundation’s Chris Sumner has stated that unverified access to this kind of information has a great potential for powerful misuse.
The individuals responsible for securing the data were University of Cambridge’s Psychometrics Centre members Michal Kosinski and David Stillwell. Additionally, an individual by the name of Alexandr Kogan was to serve as the myPersonality project’s collaborator until 2014.
People with full access to the project’s data included all those who were recognized as project’s collaborators, which counts more than 280 individuals belonging to 150 different institutions. The institutions in question included various universities, but also technology companies including Google, Yahoo, Microsoft, as well as Facebook.
The person that is being held most responsible for the exposure is Alexandr Kogan. According to researchers, the data was originally protected with a username/password combination, but it was later published online on GitHub. This publication allowed even more people to access it, including those who were not even remotely included in the research.
This new discovery came at a very bad time for Facebook, especially considering the recent scandal involving Cambridge Analytica. The biggest difference, however, is that this time a number of respected research institutions and reputable universities are involved as well.
Upon discovering the fact that the info is left wide open for the taking, Facebook immediately suspended myPersonality app, starting April 7. A comment from the platform’s vice president of product partnership, Ime Archibong, states that the app was suspended a month ago because it was believed to have violated the platform’s policies. It is currently under investigation, and it will receive a permanent ban, should the team behind it refuses to respond or cooperate in any other way.
This was not the first time that Facebook issued a ban on an app that was proven to misuse sensitive information. In fact, it has located and removed over 200 apps that have violated any kind of Facebook’s policies. Obviously, these efforts need to improve even more, and the platform vows to increase its research, as well as to notify all affected by such apps.
The Psychometrics Centre of the University of Cambridge has failed to deliver any kind of statement regarding the issue so far, and the same goes for Alexandr Kogan.