Facebook data on more than 3 million people who took a
personality quiz was published onto a poorly protected website where it
could have been accessed by unauthorized parties, according to New Scientist. In a report exposing the potential leak, New Scientist
says that the data contained Facebook users’ answers to a personality
trait test. While it didn’t include users’ names, in many cases it
contained their age, gender, and relationship status. For 150,000
people, it even contained their status updates.
All that data was supposed to be accessible only to approved researchers through a collaborative website. However, New Scientist found
that a username and password that granted access to the data could be
found “in less than a minute” with an online search, enabling anyone to
download the trove of personal information.
The data was gathered by a psychology test called myPersonality, according to New Scientist.
Around half of the test’s 6 million participants are said to have
allowed their information be anonymously shared with researchers. The
team behind myPersonality let any researcher who agreed to use the data
anonymously sign up to access the information that had been collected;
in total, 280 people were given access, including employees of Facebook
and other major tech companies, according to the report.
The basics here all sound remarkably similar to what
happened with Cambridge Analytica, which gained access to information
from more than 87 million Facebook users thanks to a personality test
called thisisyourdigitallife. In both cases, the tests were initially
made by University of Cambridge researchers. And both even had one
researcher in common: Aleksandr Kogan.
Kogan was the creator of thisisyourdigitallife, and according to New Scientist,
he was listed as part of the myPersonality project until mid-2014; it
sounds as though the project began around 2009. The University of
Cambridge told New Scientist that myPersonality was started before its creator joined the university and did not go through its ethics review process.
It’s not known whether the data was improperly accessed
using the publicly available username and password. A Facebook
spokesperson told New Scientist that the app was being
investigated and would be banned if it “refuses to cooperate or fails
our audit.” As part of its ongoing investigation into misuse of user
data, Facebook said this morning that it had so far suspended 200 apps pending review. That included myPersonality.
While a leak of 3 million users’ data is far smaller than
the 87 million obtained by Cambridge Analytica, the story still serves
as another warning of how easily this information can spread around and
just how detailed it can be. One of the bigger issues here is that, even
though the data was supposed to be anonymized, New Scientist points out that it easily could have been re-identified using the extra Facebook information attached to each personality test.
Comments
Post a Comment