Facebook, still reeling from the Cambridge Analytica personal data scandal, is facing scrutiny again as the intimate details of 3 million of its users were exposed in a data breach.
The data came from a popular Facebook-hosted personality app which stored answers to very personal questions in a database that was accessible to anyone on the internet.
“This type of data is very powerful and there is real potential for misuse,” Chris Sumner at the Online Privacy Foundation told New Scientist.
The app, myPersonality, allowed users to answer deeply probing questions about their personalities and included psychological tests. Those answers were stored in a database controlled by David Stillwell and Michal Kosinski at the University of Cambridge’s Psychometrics Center. Aleksandr Kogan, of the now infamous Cambridge Analytica scandal, was listed as a contributor up until 2014.
While the data was anonymized, experts say that it would take little effort to discover the profile associated with specific data sets.
“You could re-identify someone online from a status update, gender and date,” said Pam Dixon at the World Privacy Forum.
The data was exposed because the database was poorly secured and the username and password were available on the internet. As a result of the leak, 22 million status updates from over 150,000 users could be accessed by anyone in under a minute.
While no announcement has been made on whether a U.S. agency will investigate the breach, the U.K. Information Commissioner’s Office has opened a probe.
Just yesterday, Facebook announced that it had suspended about 200 apps that are suspected of accessing “large amounts of data.” Whether the suspensions stem from myPersonality’s data breach has not been made public, but the Facebook suspension probe focused on apps from 2014 and earlier. myPersonality was suspended in early April.
“We are currently investigating the app, and if myPersonality refuses to cooperate or fails our audit, we will ban it,” said Ime Archibong, Facebook’s vice president of Product Partnerships. “There is a lot more work to be done to find all the apps that may have misused people’s Facebook data – and it will take time.”