According to a startling new report, the University of Cambridge has been using Facebook user data obtained from a popular personality app dubbed as myPersonality.
The tool is used for implementing targeted marketing according to users’ personality type. The app was used by roughly 3 million Facebook users, which means their private data including answers to intimate personality surveys/questionnaires got exposed. The data remained publicly accessible for years.
According to NewScientist’s exclusive report, the data acquired from myPersonality quiz app was distributed among a vast number of researchers through a poorly secured website due to which the data of millions of users remained vulnerable to access for nearly four years making it easier for malicious cyber criminals to gain unauthorized access to such highly sensitive user data.
The data included user responses on a variety of psychological analysis tests as well as personal details of millions of Facebook users. The data acquired by the app was to be stored, shared secretly and reserved for those who had paid for it.
However, given that the process was not adequately protected it was possible for anyone to perform deanonymizing. Perhaps, user data has become the most profitable and productive mode of earning money.
Additionally, what’s most agonizing is the fact that in this particular case data of such confidential nature was distributed casually among other researchers without necessary anonymizing. Chris Sumner of Online Privacy Foundation told NewScientist that, this kind of data is extremely powerful so there is “potential for misuse.”
David Stillwell and Michal Kosinski from The Psychometrics Centre at the University of Cambridge were responsible for controlling the data sets while Alexandr Kogan served as the collaborator on the myPersonality project until mid-2014.
The full data set could only be accessed by people who registered as collaborators on the project; over 280 people from 150 institutions became collaborators. These included researchers from prominent universities and mainstream tech firms like Yahoo, Google, Microsoft and of course, Facebook.
Kogan is the central figure who is being held responsible for the data misuse. The data was initially locked with a username and password but later the credentials were posted online on the most commonly used data sharing platform, GitHub.
This is how those who weren’t authorized to access the data on grounds of not registering as collaborators or not having permanent academic contract could obtain the credentials through a single web search.
New Scientist’s report hints at the onset of a larger scandal that could further jeopardize the position of Facebook amidst echoes of the damaging Cambridge Analytica fiasco where data of 87m Facebook users was illegally accessed. However, what’s different is the fact that a number of reputed and respected universities’ researchers are also involved this time.
It must be noted that since April 7, the myPersonality app has remained suspended. In an email conversation, Facebook’s product partnerships vice president Ime Archibong told CNET that:
“We suspended the myPersonality app almost a month ago because we believe that it may have violated Facebook’s policies. We are currently investigating the app, and if myPersonality refuses to cooperate or fails our audit, we will ban it.”
Facebook has initiated efforts to track down and suspend apps that misuse user data and so far about 200 apps have been removed, claims Archibong. However, the social network vows to investigate more and notify users regarding the exact way their data would be affected in case evidence of potential abuse is identified.
There hasn’t been any response from the University of Cambridge’s Psychometrics Centre as well as Aleksandr Kogan despite several requests for comment.