Facebook myPersonality App Exposing its Sold Data on You

Posted by Kyle 10:06 AM (CDT)

Tuesday May 15, 2018

I guess if you just leave all that personal data you collected for sale to others openly exposed on the web for years, you have to wonder how valuable it truly is. That said, the myPersonality Facebook app did actually scrub your name off before exposing your personal data online. Apparently someone working for the app shared some of the code on GitHub and left working login credentials in it, which allowed access to the database for four years.

Academics at the University of Cambridge distributed the data from the personality quiz app myPersonality to hundreds of researchers via a website with insufficient security provisions, which led to it being left vulnerable to access for four years. Gaining access illicitly was relatively easy.

The publicly available username and password were sitting on the code-sharing website GitHub. They had been passed from a university lecturer to some students for a course project on creating a tool for processing Facebook data. Uploading code to GitHub is very common in computer science as it allows others to reuse parts of your work, but the students included the working login credentials too.