What Happened?

After the Cambridge Analytica data mining operation, Facebook held a bug bounty that offered a decent payout for anyone who found problems with its system. Inti, an ethical hacker who often participates in bug bounties, was determined to find something worthy of the social network’s “data abuse bounty program.” After a bit of trial and error, he found something surprising that could compromise more than 120 million users on the platform.

If you have ever taken one of those little personality tests or quizzes on Facebook that ask you for certain permissions, you’ve probably landed on the bug he found. The hacker set up a test site to see if he could pull up someone’s data using a JavaScript request and was able to use a separate database set up by “Nametests.com” to get whatever he pleased. From the modest amount of data that the quiz developer had on him, he was able to query Facebook for several other things like profile picture history, friends’ pictures, etc. One could theoretically crawl even further and build an entire tree of data based on this and other users who have used the app.

Keep in mind that most people catch wind of these inane quizzes through their friends, who often share their results. These quizzes are often centered around mundane things like “Which Disney princess are you?” or “Which classical musician are you?” What’s the harm in that? As Inti found, there is much potential harm.

Let’s Be Fair

After Inti found the bug, he reported it to Facebook. This happened on April 22, 2018. On June 28, 2018, Facebook announced the discovery and the bounty payment to Inti, saying that it worked with the Nametests.com developer (Social Sweethearts) to get this sorted out quickly. As far as we know, no one tried to exploit the bug during the time it existed, so mission accomplished!

Why You Still Need To Protect Yourself

Despite Facebook’s best efforts, we have no way of knowing whether its patch with Social Sweethearts would actually prevent further attempts at this type of data mining by other firms and individuals. It’s not a given that your data is secure because one hole in the system was plugged up. For this reason, you really should take more control of your information by following the steps below.

1. Go to your Settings and navigate to “Apps and Websites.”
2. Review the apps that you are currently logged into and remove them. You can also edit the permissions of any app you decide to keep.

To be sincere, I was going to also advise you to go to the “Apps Others Use” section of your preferences, but Facebook apparently removed it. Here’s what the company said:

It’s not very clear whether the settings were removed because your data can no longer be accessed by applications your friends use or if this will now be permanently enabled. For this reason, you should be extra careful about the data you share with friends on Facebook. If there’s something sensitive, make a phone call or simply step outside into the fresh air and go jogging, biking, or just sit in a cafe with a friend. It’s old tech, but it’s good for you!

What other steps do you take to protect your data on Facebook? Share them with us!