Facebook accused of massive new data breach

Facebook accused of massive new data breach

What are described as the ‘intimate’ details of some three million Facebook users was apparently accessible on a research website for four years.

New Scientist reports that academics from the University of Cambridge’s Psychometrics Centre shared data obtained from personality quiz myPersonality with other researchers via an unsecured website. The data included psychological test results.

All that was required to access the data was registration on the website. Those who were not accredited to an applicable collaborator institution, however, could easily Google for a publicly available username and password that was available on GitHub which granted access.

The myPersonality app was suspended by Facebook on April 7th over fears that the language it used to describe its data sharing may have violated Facebook policies.

It has also been revealed that Cambridge Analytica had at one stage requested access to the data but was rejected due to its political associations. Indeed, CA’s Alexandr Kogan was listed as a myPersonality collaborator until 2014.

Facebook is also said to have been aware of the myPersonality project since 2011, which begs questions of claims that it is only now investigating it.

How deep does the rabbit hole go?

The news comes as Facebook announces it has suspended 200 apps as part of its user data investigation.

"The investigation process is in full swing, and it has two phases,” said Facebook VP of product partnerships Ime Archibong in a new blog update.

“First, a comprehensive review to identify every app that had access to this amount of Facebook data. And second, where we have concerns, we will conduct interviews, make requests for information (RFI)… and perform audits that may include on-site inspections.

“We have large teams of internal and external experts working hard to investigate these apps as quickly as possible. To date thousands of apps have been investigated and around 200 have been suspended - pending a thorough investigation into whether they did in fact misuse any data.

“Where we find evidence that these or other apps did misuse data, we will ban them and notify people via this website. It will show people if they or their friends installed an app that misused data before 2015 - just as we did for Cambridge Analytica.

“There is a lot more work to be done to find all the apps that may have misused people’s Facebook data – and it will take time. We are investing heavily to make sure this investigation is as thorough and timely as possible. We will keep you updated on our progress.”

Get the latest news, interviews and in-depth analysis on Twitter and Facebook.