According to the report reaching us from our souces, Facebook data on more than 3 million people who took a personality quiz was published onto a poorly protected website where it could have been accessed by unauthorized parties. In a report uncovering the potential leak, our sources say the data contained the answers of Facebook’s users to a personality trait test. Although it didn’t include the names of the users, it however contained their ages, gender, and relationship status. For 150,000 people it contained their status updates.
All that data was supposed to be accessed by only approved researchers through a collaborative website. However, our sources discovered that a username and password that granted access to the data could be found “in less than a minute” with an online search, allowing anyone to download the trove of personal info.
Our sources further stated that the data was gathered by a psychology test called myPersonality. About half of the test’s 6 million participants were said to have allowed their information to be shared anonymously with researchers. The team behind myPersonality allowed any researcher who agreed to use the data anonymously sign up to access the information that had been collected; in total, 280 people were given access and that includes employees of Facebook and other major tech companies.
The basics sound oddly alike to what happened with Cambridge Analytica, which gained access to info from more than 87 million users as a result of a personality test called thisisyourdigitallife. In both cases, the tests were administered by researchers from the University of Cambridge and both had one researcher in common, Aleksandr Kogan.
Kogan was the creator of thisisyourdigitallife and according to our sources, he was listed as part of the myPersonality project until the middle of 2014. The University of Cambridge in a statement to our sources said that myPersonality was started before its creator joined the university and did not go through its ethics review review process.
It is unclear if the data was improperly accessed using the publicly available username and password. A spokesperson of Facebook said that the app was being investigated and would be banned if it “refuses to cooperate or fails our audit.” As part of its ongoing investigation into misuse of user data, Facebook said that it had suspended 200 apps until they undergo a review (including myPersonality).
A leak of 3 million user data though smaller than 87 million, yet shows how data can be misused. Our sources say that even if the data were anonymized, it could easily be re-identified using the extra Facebook information attached to each personality test.