About six million Facebook users had deeply personal information exposed after they answered questions about themselves through a popular app called myPersonality. After the data was collected, it was stored in an open online file that virtually anyone could access over a period of four years, an investigation by New Scientist found.
What information was compromised?
The data included “highly sensitive” information such as results from psychological tests. The app’s terms stated that the data would be distributed in a way that was personally identifiable. But security precautions were lax in protecting the information and it was easy to de-anonymize, the report stated.
Files contained quiz results that list the top five personality traits of 3.1 million users. The scores are typically used in psychology to assess characteristics such as “conscientiousness, agreeableness and neuroticism” the report stated. Also included was access to 22 million status updates from more than 150,000 users. Details on age, gender and relationship status were gleaned from about 4.3 million people.
“This type of data is very powerful and there is real potential for misuse,” Chris Sumner of the Online Privacy Foundation told New Scientist. The UK’s data watchdog, the Information Commissioner’s Office, said it is investigating.
More than 280 people from nearly 150 institutions accessed the information, the report stated. Those figures include researchers at universities and also companies like Facebook, Google, Microsoft and Yahoo, according to the report.
A username and password for the information was available on a code-sharing website called GitHub, New Scientist reported.
It was also learned that the project had links to the Cambridge Analytical data scandal that compromised information for about 85 million Facebook users.
New Scientist explains:
The data sets were controlled by David Stillwell and Michal Kosinski at the University of Cambridge’s The Psychometrics Centre. Alexandr Kogan, at the center of the Cambridge Analytica allegations, was listed as a collaborator on the myPersonality project until the summer of 2014.
Was it shut down?
Facebook suspended myPersonality from its platform on April 7, after discovering the app may have violated its policies because the app included misleading language for how the data is used.
MyPersonality came under review as part of Facebook’s wide investigation of apps on the platform. Facebook began as an investigation into allegations that Cambridge Analytica accessed data from an app called This Is Your Digital Life developed by Kogan, the report stated.