4 million Facebook users' details 'exposed by Cambridge academics'

Personal data including age, location and gender was accessible to anyone - report

The personal information of more than four million Facebook users was stored in an easily-accessible online database for the last four years, it has been revealed.

The database, which was created by researchers from the University of Cambridge and features highly sensitive information, was left exposed with minimal protections.

Facebook users' data was compiled through a Facebook app called myPersonality - a personality quiz similar to the ThisIsYourDigitalLife app that Alexandr Kogan used to collect the data that would later be passed to Cambridge Analytica.

Included in the database were details including age, gender, location and relationship status for 4.3 million people, as well as 22 million status updates from 150,000 users, according to the New Scientist, which broke the news following an investigation it conducted.

The purpose of the quiz was to gather information on users' 'Big Five' personality traits - five broad factors that are used in some branches of psychology to analyse an individual's personality. The database included the 'Big Five' scores of 3.1 million Facebook users.

Advertisement
Advertisement - Article continues below

While their datasets were supposedly anonymised, with users' names stripped out prior to publication, the rest of their details were still linked, making it comparatively easy to determine the users' identity, according to the publication.

The men behind the project are Michal Kosinski and David Stillwell, two researchers from Cambridge University's Psychometrics Centre - although the university said that Stillwell created the app prior to his employment.

The data was made available to other researchers who wanted to use it in their own studies, with the proviso that they use it in such a manner that the data could not be traced back to the individual participants of the quiz, while researchers from private companies could use it for non-commercial purposes provided they agreed to be bound by strict data protection policies.

Researchers from Google, Microsoft and Yahoo registered to use the data, as well as academics from around 150 universities, totalling almost 300 people. However, one university lecturer apparently gave students the credentials to access the database as part of a course on analysing Facebook data.

The login details were then uploaded to GitHub, where they were easily accessible via a simple Google search, allowing anyone to access the database. The GitHub page remained up for around four years.

Facebook suspended the myPersonality quiz last month over concerns that the language describing how data was shared violates its terms of service, and has launched an investigation to determine if a violation has taken place. The Information Commissioner's Office is also examining the case, although an official investigation has not been announced.

Stillwell told the New Scientist that over the course of the project's lifespan, it has only experienced one data breach, saying "we believe that academic research benefits from properly controlled sharing of anonymised data among the research community".

The news comes after the Cambridge Analytica scandal, in which the US analytics firm allegedly siphoned millions of users' data from an app created by Cambridge professor Aleksandr Kogan to try to influence voters in the 2016 US presidential election.

It has raised questions around what third-parties do with Facebook users' data, and the lack of controls Facebook had in place to monitor their usage of such information. Last week Facebook revealed it has suspended 200 apps amid an investigation into whether third parties misused users' information.

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/strategy/28185/what-is-data-mining
Business strategy

What is data and big data mining? An easy guide

22 Aug 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/network-internet/wifi-hotspots/354283/industrial-wi-fi-6-trial-reveals-blistering-speeds
wifi & hotspots

Industrial Wi-Fi 6 trial reveals blistering speeds

5 Dec 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019