A new data breach scandal has hit Facebook, just as the social networking site was scrambling to regain user trust after the Cambridge Analytica debacle.
A security researcher found that a third-party app called NameTest left the data of 120 million Facebook users exposed online for years; Facebook took weeks to respond.
NameTest also provided those who requested information with an additional token that allowed them to see the data behind user’s posts, photos, and friends for up to two months.
“If you ever took a quiz and removed the app afterwards, external websites would still be able to read your Facebook ID, first name, last name, language, gender, date of birth. You would have only prevented this from happening if you manually deleted your cookies, as the website does not offer a logout functionality.”
It’s unclear if NameTest was deliberately sharing data with third parties.
According to De Ceukelaire, he reported the issue in late April and company took eight days to respond. In May, he checked in with Facebook again, and was told it could take three to six months to investigate the breach, he said. NameTest fixed the issue on Monday.
Company awarded De Ceukelaire $4,000 for his find, then matched this amount when he donated it to the Freedom of the Press Foundation.