Facebook Hit by Yet Another Data Breach

Facebook hasn’t had a good start to the year, with numerous problems coming to light in the past 6 months. In February 2018, we looked at how one of Facebook’s mobile applications was accused of installing spyware on iPhones. Then, in March, it came to light that around 50 million user profiles had been harvested for their personal information, without those members of the website being made aware.

Shortly afterwards, even more issues were raised, with the social media giant accused of spying on Messenger chats, remote-deleting messages involving the CEO, and potential plans to hand over user data to local hospitals and caregivers.

Clearly, it’s not going well for the company, and the spotlight is still very much on the website. Unfortunately for Facebook, that spotlight has illuminated yet another data breach that hasn't previously been exposed. Below, we'll look at the issue in more detail.

User data available through Google

The previous data breach involved researchers belonging to Cambridge Analytica, associated with the University of Cambridge. Though this scandal involves a different group of researchers, they too are associated with the same university, being a part of the ‘Psychometrics Centre’.

User data was gathered through an application on the Facebook platform, called 'myPersonality'. Though the app required consent from users of the social media website, most users would blindly accept the requested permissions for trusted applications. So, it's unlikely that people would expect that their data was going to be exposed to third parties.

The researchers responsible made the gathered data available on an online web portal, so that other authorised researchers within the group could access and analyse the information as required. This portal was protected by a username and password. However, the credentials to log into the web portal were shared on GitHub, the code-sharing and version-control website. Though some level of anonymity was used, the credentials could supposedly be linked back to the relevant data with ease.

As part of an online statement made by the Psychometrics Centre, the department of Cambridge University responsible for the breach, an attempt was made to clearly differentiate the application from the 'thisisyourdigitallife' application that was responsible for the previous data incident back in March. Researchers explained that the 'myPersonality' application didn't go so far as to harvest data from the connected friends of consenting profiles.

Facebook’s response

The myPersonality application has been suspended since April 7th, with users no longer able to access and use it with their Facebook profiles. Given the date of the suspension, this revelation has clearly come after the previous data breach was announced back in March. Facebook had the following to say on the matter:

"We suspended the myPersonality app almost a month ago because we believe that it may have violated Facebook’s policies (…) we are currently investigating the app, and if myPersonality refuses to cooperate or fails our audit, we will ban it."

In fairness to the social media website, there may well be more applications that come out of the woodwork now that the public eye is heavily focused upon the company and its actions. However, it raises the question of how stringently Facebook has previously checked the applications that use the platform for data gathering. It’s possible that more applications like the two mentioned above may come to light in the coming months, whilst Facebook is under increased scrutiny.

What you can do

Whether you decide to continue using your Facebook profile is up to you. There have been many reports on the number of people choosing to delete their user profiles, but equally, if you’d like to keep your profile and stay connected to your friends, you could check out our guide to updating your Facebook privacy settings. If you do decide to continue using the platform, then be careful if using any third-party applications and games; always check the permissions being requested from you.

If you’ve got any concerns about the privacy of your data in general, and staying safe online, there are some things that you can do to increase your security and anonymity, such as using a VPN (Virtual Private Network) and picking safe and secure passwords. For any more advice, get in touch with WiseGuys to speak to a support agent on 0808 123 2820.
