A newly discovered data breach left more than 3 million Facebook users’ data exposed for four years on an unsecured website where anyone who wanted could access it, a New Scientist report has found.
University of Cambridge academics posted the data of 3 million users collected by the popular Facebook quiz “myPersonality” on a website with “insufficient security provisions” for “anyone to access,” the story said.
The leak is linked to the University of Cambridge data leak, where a Cambridge University app developer improperly shared 87 million Facebook users’ personal information with data-analytics firm Cambridge Analytica, which worked with Donald Trump’s campaign to target voters in 2016.
Hundreds of people at almost 150 institutions obtained access to the 3 million users’ data by registering as collaborators on the research project. But even those who were not researchers could easily obtain access to the data with a simple Google search for the active username and password to the site containing the data.
The unsecured information includes users’ answers to intimate and psychological questions about their conscientiousness, agreeableness, and neuroticism. Also exposed by the app were 22 million status updates written by more than 150,000 users, and the age, gender, and relationship status of 4.3 million people, the report found.
Although the information was anonymous, investigators said it would not have been difficult to detect the identities of the users, due to “poor precautions.”
Facebook suspended “myPersonality” last month. On Monday, the same day as the report detailing the breach, Facebook suspended 200 apps as part of its promise to investigate questionable and loosely secured uses of its data.
The United Kingdom’s Information Commissioner’s Office told investigators that it is looking into the newly revealed leak.