get2Clouds

Another Facebook data breach. Which Disney princess are you?

2018-06-29
data breach

People are still recovering after the controversy created this year by the Cambridge Analytica scandal while Facebook is once again in the eye of the data protection storm. Another personality test of the platform, this time it's about "Which Disney Princess are you?” would have exposed for years the personal data of more than 120 million users.

NameTests.com, the company behind the princess' personality test, used the Zuckerberg platform for allowing users to quickly log in and perform the test. This gave NameTests access to users personal information that afterwards was stored on a page of their server and completely open to the public. Even after deleting the application, data was still available in javascript format.

The ethical hacker Inti De Ceukelaire (@securinti) discovered the vulnerability and reported it to both companies. After checking the leak, he received a $ 4,000 reward offer from Facebook that he decided to donate to a foundation for press freedom. For this reason, Facebook doubled the amount and made an income of $ 8,000 in his name.

Twitshot