Facebook has found itself at the center of another privacy storm this week after it emerged that an app developer stored highly sensitive profile information on over three million users on a poorly secured website for years.
Developers of the myPersonality app harvested details including age, gender and relationship status from 4.3 million users of the app as well as psychological personality scores from 3.1 million users and status updates from over 150,000 people, according to the New Scientist.
The names of the users were then removed and the data stored on a site for registered academics and researchers at firms including Facebook, Google and Microsoft to query.
However, a publicly available username and password could be easily found on GitHub for four years. It is also thought that deanonymizing the data for many of the victims would be fairly easy given the wide range of information collected by the app and tied to unique user IDs.
The revelations have striking similarities to the now notorious thisisyourdigitallife case in which Cambridge University professor Alexandr Kogan is said to have broken Facebook’s former terms of service by sharing data he harvested on 50 million users with political consultancy Cambridge Analytica.
Although in this case the app’s developers are said to have refused overtures from the notorious political ads firm to access the data, Kogan was a collaborator on the project until 2014.
The case once again highlights the privacy challenges facing Facebook from rogue app developers and will add further weight to the argument that the social network was too trusting of third parties requesting access to its users’ data.
Facebook suspended the mypersonality app in April claiming it may have violated its terms. The social network revealed on Monday that its ongoing investigation, precipitated by the Kogan crisis, has seen around 200 such apps suspended.