Facebook data on more than 3 million people who took a personality questionnaire were published on a poorly protected website where it could have been accessed by unauthorized third parties, according to New Scientist . In a report exposing the potential leak, New Scientist says that the data contained the responses of Facebook users to a personality trait test. Although it did not include the names of the users, in many cases it contained their age, sex and relationship status. For 150,000 people, it even contained their status updates.
All that information was supposed to be accessible only to approved researchers through a collaborative website. However, New Scientist discovered that a username and password granting access to the data could be found "in less than a minute" with an online search, allowing anyone to download the treasure of personal information.
The data was compiled by a psychology test called myPersonality, according to New Scientist . It is said that about half of the 6 million participants in the test allowed their information to be shared anonymously with the researchers. The team behind myPersonality allowed any researcher who agreed to use the data to subscribe anonymously to access the information that had been collected; In total, 280 people had access, including Facebook employees and other important technology companies, according to the report.
The basics here sound remarkably similar to what happened with Cambridge Analytica, which gained access to information from more than 87 million Facebook users thanks to a personality test called thisisyourdigitallife. In both cases, the tests were initially done by researchers at the University of Cambridge. And both had even one researcher in common: Aleksandr Kogan.
Kogan was the creator of thisisyourdigitallife, and according to New Scientist was included as part of the myPersonality project until mid-2014; It seems that the project started around 2009. The University of Cambridge said New Scientist that my Personality began before its creator joined the university and did not go through its ethical review process.
It is not known if the data was accessed incorrectly using the publicly available username and password. A Facebook spokesperson said New Scientist that the application was being investigated and would be banned if it "refuses to cooperate or our audit fails". As part of its ongoing investigation into the misuse of user data, Facebook said this morning that it has so far suspended 200 applications pending review. That included myPersonality.
While a leak of 3 million data users is much smaller than the 87 million obtained by Cambridge Analytica, the story still serves as another warning of how easily this information can be disseminated and how detailed it can be. One of the most important problems here is that, although the data was supposed to be anonymous, New Scientist notes that it could easily have been reidentified using the extra Facebook information attached to each personality test.