Welp, it looks like another quiz app may have exposed millions of Facebook users’ personal data.
A personality quiz app created by researchers exposed personal data on more than 3 million Facebook users, according to a report published in New Scientist.
The app in question is a quiz app called “myPersonality,” which was created by researchers at the University of Cambridge. The quiz was completed by more than 6 million people, some of whom also opted to share Facebook profile data with the researchers.
This profile data, along with the quiz results, was made available to a select group of researchers both in and outside of Cambridge.
But while this data was supposed to be restricted to approved groups, lax security measures reportedly left the data vulnerable to anyone who was looking for it. Login credentials for the website where this data was stored was readily available on GitHub for four years, according to New Scientist.
Facebook has since suspended the myPersonality app as part of a wider effort to crack down on apps that violated its data privacy policies. But the incident is yet another black mark for the social network, which has been criticized for not doing enough to protect user data.
The incident also bears striking similarities to the Cambridge Analytica situation, in which more than 50 million Facebook users’ data was scraped and sold without their knowledge. In that case, the data in question was also gathered via a personality quiz created by a University of Cambridge professor.
In fact, the professor who created that quiz app, Alexandr Kogan, was also associated with the researchers who created the myPersonality quiz. New Scientist even reports that Cambridge Analytica tried to access the myPersonality data but was rebuffed.
In addition to the suspension, Facebook is reportedly investigating the incident and could still take further action.
The social network’s VP of Product Partnerships, Ime Archibong, said Monday that Facebook’s working on additional tools that will notify users whose data was misused by third-party app developers, just like it did with Cambridge Analytica.