Suspended Facebook App Left 3M Users’ Data Unsecured


Facebook announced that it has suspended 200 apps as part of its ongoing investigation into third parties and the way they handle user data.

The investigation is in response to the Cambridge Analytica scandal, where 87 million Facebook users had their data improperly shared with the controversial research firm.

“We have large teams of internal and external experts working hard to investigate these apps as quickly as possible,” the company wrote in a press release. “To date, thousands of apps have been investigated and around 200 have been suspended — pending a thorough investigation into whether they did in fact misuse any data. Where we find evidence that these or other apps did misuse data, we will ban them and notify people via this website. It will show people if they or their friends installed an app that misused data before 2015 — just as we did for Cambridge Analytica.”

British magazine New Scientist reported that myPersonality was suspended on April 7, with Facebook saying the app may have violated its policies because of the language used in the app and on its website to describe how data is shared.

In addition, the app may have exposed the data of 3 million Facebook users. More than 6 million users participated in myPersonality, a psychometric test created by University of Cambridge researcher David Stillwell in 2007.

The app was active until 2012, and more than 280 people who were “collaborators” with the project had access to the data collected by myPersonality. New Scientist also reports that a password and username granting access to the data had been publicly available for the past four years.

A statement attributed to Facebook VP of partnerships Ime Archibong read: “[W]e are currently investigating the app, and if myPersonality refuses to cooperate or fails our audit, we will ban it.”

For its part, the University of Cambridge told New Scientist that the app was created by Stillwell before he joined the University, and “did not go through our ethical approval process.”

In a statement to VentureBeat, Stillwell said that “this is clearly a breach of the terms that academics agree to when requesting a collaboration with myPersonality. Once we learned of this, we took immediate steps to stop access to the account and to stop further data sharing. In nine years of academic collaborations, this is the only such instance where something like this has occurred.”


