Skip to main content

What kind of data leak are you? Hacker says Facebook quizzes still leak data

History has a tendency to repeat itself. Months after Cambridge Analytica, 120 million Facebook users could have their data accessed by malicious websites after a quiz company put data like name, gender, and even photos inside easily accessible Javascript. As Facebook continues auditing hundreds of third-party apps, hacker Inti De Ceukelaire shared how a security vulnerability on the quiz platform could have exposed data of 120 million users.

Curious after the Cambridge Analytica scandal, Ceukelaire decided to take his very first Facebook quiz to use his hacking skills to see just how the third-party platform used his data. He used a platform most used by his Facebook friends,, and took a quiz: “Which Disney Princess Are You?”

Using his hacking background, Ceukelaire followed the data and found his information inside easily accessible Javascript. The format of Javascript is designed to be shared, which means that any site that you visit after that test could access that data. The data include things like username, gender, friend lists. and shared posts.

The nature of Javascript means that someone who took the test would have to visit a malicious website for a data leak to occur, so the flaw doesn’t mean that data for all 120 million users of the platform was compromised. The easy accessibility of that data, however, is concerning, Ceukelaire says. As an example of just what could happen with that type of security flaw, a pornographic website could access a friend list and use that friend list to blackmail users with the threat of exposure, Ceukelaire suggested.

Once visiting that malicious webpage, data would be accessible for up to two months. Deleting also doesn’t solve the issue — users also have to delete the cookies on the device to stop the data access.

As part of Facebook’s Data Abuse Bounty program, the vulnerability has now been corrected; Ceukelaire donated the reward to charity. Nametests says itdidn’t find anything suggesting the data was abused and says it put additional tests in to avoid similar data leaks in the future. Facebook also revoked all access to Nametests, which means users will have to grant the app permission again to continue using the quizzes.

But perhaps what is even more disconcerting is that after Cambridge Analatica, and after data researchers suggested that most Facebook quizzes exist to track your data, and after another quiz app was exposed, online quiz platforms can still say they have 120 million monthly users. Is finding out which Disney princess you are worth allowing another company to access your Facebook data?

Already take the quiz? Find out how to adjust your security settings here.

Editors' Recommendations

Hillary K. Grigonis
Hillary never planned on becoming a photographer—and then she was handed a camera at her first writing job and she's been…
Facebook faces another huge data leak affecting 267 million users
mark zuckerberg speaking in front of giant digital lock

More than 267 million Facebook users’ IDs, phone numbers, and names were exposed to an online database that could potentially be used for spam and phishing campaigns. 

Security researcher Bob Diachenko uncovered the database, according to Comparitech. The database was first indexed on December 4, but as of today, December 19, it is unavailable. Comparitech reports that before the site was taken down, the database was found on a hacker forum as a downloadable file. 

Read more
Now that you can easily transfer photos out of Facebook, will you stay?
mark zuckerberg speaking in front of giant digital lock

Facebook on Monday announced a new feature that will begin rolling out in Ireland before spreading elsewhere: The ability to transfer your Facebook photos directly to other platforms without having to download them first. The feature will initially only port your pics over to Google Photos, though it's likely more platforms are on the way.

This is a step forward from Facebook's already-existing data portability tool, “Download Your Information,” which allows a user to keep a copy of everything they’ve ever put on Facebook on their private computer. In a statement, Facebook told Digital Trends that “the feedback we’ve received over the years tells us that although this tool is helpful, it isn’t seamless enough for users to take information directly from one service to another.”

Read more
You will soon be able to migrate your Facebook photos and videos to Google Photos
close up of someone deleting the Facebook app off their iPhone

Facebook will soon let you easily migrate those hundreds of old photos and videos you uploaded ages ago to other services like Google Photos. In a blog post, the social network said it’s rolling out a new tool in Ireland that allows you to port your Facebook media without having to manually download and upload it someplace else.

The announcement is the result of Facebook’s participation in the Data Transfer Project, an open-source initiative to enable cross-platform data migration between various platforms. Facebook has been a member of the project for a while along with Apple, Google, Twitter, and more. Incidentally, the tools that allow you to download all your Facebook or Google data were based on the code developed through the Data Transfer Project as well.

Read more