Suspended Facebook App Left 3M Users’ Data Unsecured


Facebook announced that it has suspended 200 apps as part of its ongoing investigation into third parties and the way they handle user data.

The investigation is in response to the Cambridge Analytica scandal, where 87 million Facebook users had their data improperly shared with the controversial research firm.

“We have large teams of internal and external experts working hard to investigate these apps as quickly as possible,” the company wrote in a press release. “To date, thousands of apps have been investigated and around 200 have been suspended — pending a thorough investigation into whether they did in fact misuse any data. Where we find evidence that these or other apps did misuse data, we will ban them and notify people via this website. It will show people if they or their friends installed an app that misused data before 2015 — just as we did for Cambridge Analytica.”

British magazine New Scientist reported that myPersonality was suspended on April 7, with Facebook saying the app may have violated its policies because of the language used in the app and on its website to describe how data is shared.

In addition, the app may have exposed the data of 3 million Facebook users. More than 6 million users participated in myPersonality, a psychometric test created by University of Cambridge researcher David Stillwell in 2007.

The app was active until 2012, and more than 280 people who were “collaborators” with the project had access to the data collected by myPersonality. New Scientist also reports that a password and username granting access to the data had been publicly available for the past four years.

A statement attributed to Facebook VP of partnerships Ime Archibong read: “[W]e are currently investigating the app, and if myPersonality refuses to cooperate or fails our audit, we will ban it.”

For its part, the University of Cambridge told New Scientist that the app was created by Stillwell before he joined the University, and “did not go through our ethical approval process.”

In a statement to VentureBeat, Stillwell said that “this is clearly a breach of the terms that academics agree to when requesting a collaboration with myPersonality. Once we learned of this, we took immediate steps to stop access to the account and to stop further data sharing. In nine years of academic collaborations, this is the only such instance where something like this has occurred.”



Banks, corporates and even regulators now recognize the imperative to modernize — not just digitize —the infrastructures and workflows that move money and data between businesses domestically and cross-border. Together with Visa, PYMNTS invites you to a month-long series of livestreamed programs on these issues as they reshape B2B payments. Masters of modernization share insights and answer questions during a mix of intimate fireside chats and vibrant virtual roundtables.