Suspended Facebook App Left 3M Users’ Data Unsecured


Facebook announced that it has suspended 200 apps as part of its ongoing investigation into third parties and the way they handle user data.

The investigation is in response to the Cambridge Analytica scandal, where 87 million Facebook users had their data improperly shared with the controversial research firm.

“We have large teams of internal and external experts working hard to investigate these apps as quickly as possible,” the company wrote in a press release. “To date, thousands of apps have been investigated and around 200 have been suspended — pending a thorough investigation into whether they did in fact misuse any data. Where we find evidence that these or other apps did misuse data, we will ban them and notify people via this website. It will show people if they or their friends installed an app that misused data before 2015 — just as we did for Cambridge Analytica.”

British magazine New Scientist reported that myPersonality was suspended on April 7, with Facebook saying the app may have violated its policies because of the language used in the app and on its website to describe how data is shared.

In addition, the app may have exposed the data of 3 million Facebook users. More than 6 million users participated in myPersonality, a psychometric test created by University of Cambridge researcher David Stillwell in 2007.

The app was active until 2012, and more than 280 people who were “collaborators” with the project had access to the data collected by myPersonality. New Scientist also reports that a password and username granting access to the data had been publicly available for the past four years.

A statement attributed to Facebook VP of partnerships Ime Archibong read: “[W]e are currently investigating the app, and if myPersonality refuses to cooperate or fails our audit, we will ban it.”

For its part, the University of Cambridge told New Scientist that the app was created by Stillwell before he joined the University, and “did not go through our ethical approval process.”

In a statement to VentureBeat, Stillwell said that “this is clearly a breach of the terms that academics agree to when requesting a collaboration with myPersonality. Once we learned of this, we took immediate steps to stop access to the account and to stop further data sharing. In nine years of academic collaborations, this is the only such instance where something like this has occurred.”


Featured PYMNTS Study: 

With eyes on lowering costs to improving cash flow, 85 percent of U.S. firms plan to make real-time payments integral to their operations within three years. However, some firms still feel technical barriers stand in the way. In the January 2020 Making Real-Time Payments A Reality Study, PYMNTS surveyed more than 500 financial executives to examine what it will take to channel RTP interest into real-world adoption. Here’s what we learned.