Rhett Jones reports:
Facebook’s race to prove it’s a good and trustworthy company over the last few months kicked off when it was revealed that a quiz app sold user data to a political firm. Now, a different quiz app is getting some heat. A researcher discovered that a third-party app called NameTests left the data of 120 million Facebook users exposed to anyone who happened to find it.
[…]
On Wednesday, De Ceukelaire described the process of reporting a flaw in the website behind the quiz app to Facebook’s newly founded Data Abuse Bounty program. Having never personally used a quiz app, De Ceukelaire started looking at the apps his friends on Facebook had installed. He elected to take his first quiz through the NameTests app. As he started tracing how his data was being handled, he noticed that NameTest’s website was fetching his information from the URL “http://nametests.com/appconfig_user.” His personal data was held in a JavaScript file that could easily be requested by any website that knew to ask.
Read more on Gizmodo.