More Data Disasters: Another Personality Quiz on Facebook Exposes Data of Millions of Users
In March, it was revealed how a personality quiz on Facebook named thisisyourdigitallife managed to access and then sell data of over 50 million users of the social networking site to a political consultancy. It now appears that a second personality quiz app may have done exactly the same.
A report by New Scientist reveals yet another leak that affects data of over 3 million users that was "left exposed online for anyone to access" for over four years! The report said that the academics at the University of Cambridge distributed the data from the personality quiz app named myPersonality to hundreds of researchers via a website with insufficient security provisions.
More than 6 million people completed the tests on the myPersonality app and nearly half agreed to share data from their Facebook profiles with the project. All of this data was then scooped up and the names removed before it was put on a website to share with other researchers. The terms allow the myPersonality team to use and distribute the data “in an anonymous manner such that the information cannot be traced back to the individual user”.
Over 280 people from nearly 150 institutions eventually gained access to the full data set by registering as a collaborator to the project. From researchers at universities to people at companies like Facebook, Google, Microsoft and Yahoo - everyone had fun with your data and all the intimate answers entered in the quiz.
Not the only ones having access to the Facebook user data, though
But these 280 people or collaborators weren't alone in having access to data of nearly 3 million users. The report suggests that for those who couldn't access the data set because they didn't have an academic contract, there was a "working username and password" available on GitHub that was passed around between students working on tools for processing Facebook data.
Anyone who wanted access to the data set could have found the key to download it in less than a minute.
The report further claimed that Cambridge Analytica actually tried to get this data too from the researchers David Stillwell and Michal Kosinski of the University of Cambridge’s The Psychometrics Centre. However, their request was turned down by the myPersonality app team in 2013 because of the company's political ambitions. Alexander Kogan who is at the heart of the Cambridge Analytica situation was also listed on this project as a collaborator until 2014.
Facebook has now suspended the myPersonality app (and around 200 other similar apps) in its efforts to investigate apps that may have violated its data privacy policies. However, this is yet another reminder that when you agree to sharing your data with one app, it is going to be mass circulated, ending up online. While this is yet another problem for Facebook that is already trying to deal with an eerily similar Cambridge Analytica data misuse scandal, no one over at Facebook HQ is going to lose their sleep since they are making more money than ever.
Experts are worried that the researchers didn't do enough to anonymize the data, as well. "Any data set that has enough attributes is extremely hard to anonymise," Yves-Alexandre de Montjoye at Imperial College London said. "The use of the data can’t be at the expense of people’s privacy."
Facebook says it's currently investigating the app, and if myPersonality refuses to cooperate or fails the audit, the company will ban it. Another case of too little, too late...