Another Facebook fail has put one more question to Facebook’s credibility. Ethical hacker and security researcher, Inti De Ceukelaire, discovered how a popular Facebook application ‘NameTests’ leaked users’ data. According to his findings, the app had a userbase of about 120 million, all of which was publicly available. The researcher shared his findings in a blog post on Medium.
According to De Ceukelaire, NameTests leaked data online for several years. However, this was not a deliberate move, rather a flaw in NameTests’ website coding. When the researcher tried this app himself, he found that the app displayed his profile information wrapped in JavaScript that anyone could share.
Inti De Ceukelaire discovered this vulnerability around two months ago. He informed Facebook about the flaw on April 22, 2018. However, Facebook replied to him that it would take them a few months to investigate the matter.
On June 25, 2018, he discovered that NameTests made some changes in their data processing so that no third party could access the data. However, until this time, NameTests continued to run in the usual way. He later contacted Facebook, informed them about the fix (which he confirmed from the NameTest’s Digital Protection Officer), and won a bounty of $8,000 for a charity.