What kind of data leak are you? Hacker says Facebook quizzes still leak data

History has a tendency to repeat itself. Months after Cambridge Analytica, 120 million Facebook users could have their data accessed by malicious websites after a quiz company put data like name, gender, and even photos inside easily accessible Javascript. As Facebook continues auditing hundreds of third-party apps, hacker Inti De Ceukelaire shared how a security vulnerability on the quiz platform nametests.com could have exposed data of 120 million users.

Curious after the Cambridge Analytica scandal, Ceukelaire decided to take his very first Facebook quiz to use his hacking skills to see just how the third-party platform used his data. He used a platform most used by his Facebook friends, nametests.com, and took a quiz: “Which Disney Princess Are You?”

Using his hacking background, Ceukelaire followed the data and found his information inside easily accessible Javascript. The format of Javascript is designed to be shared, which means that any site that you visit after that test could access that data. The data include things like username, gender, friend lists. and shared posts.

The nature of Javascript means that someone who took the test would have to visit a malicious website for a data leak to occur, so the flaw doesn’t mean that data for all 120 million users of the platform was compromised. The easy accessibility of that data, however, is concerning, Ceukelaire says. As an example of just what could happen with that type of security flaw, a pornographic website could access a friend list and use that friend list to blackmail users with the threat of exposure, Ceukelaire suggested.

Once visiting that malicious webpage, data would be accessible for up to two months. Deleting nametests.com also doesn’t solve the issue — users also have to delete the cookies on the device to stop the data access.

As part of Facebook’s Data Abuse Bounty program, the vulnerability has now been corrected; Ceukelaire donated the reward to charity. Nametests says itdidn’t find anything suggesting the data was abused and says it put additional tests in to avoid similar data leaks in the future. Facebook also revoked all access to Nametests, which means users will have to grant the app permission again to continue using the quizzes.

But perhaps what is even more disconcerting is that after Cambridge Analatica, and after data researchers suggested that most Facebook quizzes exist to track your data, and after another quiz app was exposed, online quiz platforms can still say they have 120 million monthly users. Is finding out which Disney princess you are worth allowing another company to access your Facebook data?

Already take the quiz? Find out how to adjust your security settings here.

Giveaways

Win a Flo detection system and catch leaks before they do damage

Your house or apartment is five times more likely to suffer water damage than it is a fire or burglary, so it makes sense to add water damage prevention measures. We're giving one lucky winner a brand-new Flo smart leak detection system.
Mobile

With a public API, Venmo’s default privacy settings expose private user data

Fans of Venmo may want to consider changing their privacy settings. A security researcher was able to analyze over 200 million Venmo transactions through its public API, which exposed many private details about its users.
Business

Tinder begins testing Bitmoji feature in Mexico and Canada using Snap Kit

Using Snapchat's latest developer platform known as Snap Kit, Tinder has begun testing the Bitmoji feature in Mexico and Canada. By connecting their Snapchat and Tinder accounts, users are able to send Bitmojis through the dating app.
Computing

Chrome is still our favorite browser (but Firefox is catching up!)

Choosing a web browser for surfing the web can be tough with all the great options you have out there. Here we pit the latest versions of Chrome, Opera, Firefox, Edge, and Vivaldi against one another to find the best browsers for most…
Mobile

Split your Uber charges with friends more easily than ever with Venmo

After noting that more than six million Venmo transaction descriptions included the word "Uber," the PayPal-owned app, Venmo, decided to help users cut down on the number of steps needed to repay friends. 
Home Theater

What is Netflix Roulette, and how exactly does it work?

For years, educated viewers have been using Netflix Roulette to broaden their horizons. The web app can help you find movies and shows you'd never think to watch! What exactly is it, though, and how do you use it? We explain.
Mobile

These are the best video chat apps to help you stay in touch

Though still relatively new, video chat apps can help you connect with people from around the world. Here are our personal favorites to help you keep in touch regardless of smartphone OS.
Mobile

The world can be your oyster with a little help from the best travel apps around

Traveling doesn't need to be a time-consuming nuisance. Our handpicked selection of the best travel apps will keep things simple, whether you need cost comparisons for hotels or directions to renowned eateries.
Virtual Reality

Got a Gear VR headset? These are the apps and games you've got to try

Before you put on your new Gear VR headset, you should know which apps and games are worth downloading. Whether you're a fan of documentaries or arcade games, here's a list of the best Gear VR apps and games to be had.
Android Army

From Oreo to Jelly Bean, here's how to turn off notifications in Android

If you're sick of spam Android notifications, then identify the apps responsible and get rid of them. We explain how to find offending apps and turn off notifications in Android, no matter what version you're running.
Computing

The best Windows apps

Not sure what apps you should be downloading for your newfangled Windows device? Here are the best Windows apps, whether you need something to speed up your machine or access your Netflix queue. Check out our categories and favorite picks!
Mobile

Best iOS app deals of the day! 6 paid iPhone apps are free for a limited time

Everyone likes apps, but sometimes the best ones are a bit expensive. Developers put paid apps on sale for a limited time, but you have to snatch them up fast. Here are the latest and greatest iOS app deals offered in the iOS App Store.
Computing

Facebook wants to own your face. Here’s why that’s a privacy disaster

(in)Secure is a weekly column that dives into the rapidly escalating topic of cybersecurity. Scanning your face is easier than remembering a password, that’s for sure. But while facial recognition technology has gone mainstream with…
Mobile

Worried about extra data charges? Here’s how to check your usage on an iPhone

It's common to get a little nervous about nearing data limits. Keep your peace of mind by checking how much data your iPhone is using. Our guide on how to check data usage on an iPhone helps you stay in control.
Mobile

How to improve your Android privacy

If you have an Android device and you’re concerned about your privacy, then we have a few tips for you. Learn about the settings you can change to improve your Android privacy and safeguard your personal data.
Social Media

What is Reddit? A beginner’s guide to the front page of the internet

So, what is Reddit exactly? Here, we breakdown the terminology, perks, and various inner workings of everyone's favorite social platform. Understanding the self-proclaimed "front page of the internet" has never been so easy.
Computing

Relive 1998 as live chat rooms roll out across Reddit in a limited beta

Reddit is slowly rolling out real-time chat rooms across a limited number of subreddits. Currently in beta, Reddit Chat went live in 2017 for a small group of around 7,000 users. Reddit is now expanding this service.
Photography

3 simple things you can do to step up your selfie game

Taking a selfie might seem simple enough, but there's more to it than meets the eye. Here are three elements to keep in mind the next time you take a selfie to share on social media.
Photography

What is portrait mode? How tech helps smartphones capture a better you

Several years ago, portrait modes started showing up on phones and quickly became one of the most popular ways to capture selfies, profile pics, and more. But how does portrait mode work, and how much difference does it make?
Social Media

You could soon shop on Snapchat with a new visual search tool called Eagle

Shopping and Snapchat could soon be synonymous. As originally reported by TechCrunch, the popular social media platform is experimenting with a new visual search feature called "Eagle."
Mobile

Ready to party? Pinterest expands group boards with new activity feed, threads

Pinning with a group? Pinterest group boards are now more conversation-friendly. A new activity board collects all the changes in one place, while new threads encourage group conversations among the Pins and comments.
Social Media

Augmented reality is coming to Facebook — in the form of advertisements

Augmented reality is coming to Facebook, but perhaps not in the way that you would have wanted. Facebook announced on Tuesday, July 10 that it has begun testing AR advertisements within its Newsfeed.