When the Facebook-Cambridge Analytica scandal started making headlines, many Facebook critics and security experts called it just the beginning. That prophecy is turning out to be accurate: a dubious quiz application named NameTests has ended up exposing the data of about 120 million users for years.
According to Inti De Ceukelaire, the security researcher who uncovered the leak, this incident affects almost every American Facebook user. The hacker spotted this screwup when he came across Facebook’s Data Abuse Bounty program, which was launched as part of the cleanup after the Cambridge Analytica scandal.
He verified it by setting up a fresh website, connecting it to the NameTests Facebook quiz, and trying to steal information about the site’s visitors. Moreover, NameTests also provided access tokens to the websites that would let them access the user’s posts, friends list, etc.
NameTests even continued sharing the personal data after the app was deleted. To clean up completely, the user had to manually erase the cookies stored on the device.
On April 22nd, Ceukelaire reported the NameTests data leak to Facebook’s Data Abuse program; it was resolved just a few days ago. The company paid an $8000 bug bounty to a charity, as per his request.