4 million Facebook users' details 'exposed by Cambridge academics'

Personal data including age, location and gender was accessible to anyone - report

The personal information of more than four million Facebook users was stored in an easily-accessible online database for the last four years, it has been revealed.

The database, which was created by researchers from the University of Cambridge and features highly sensitive information, was left exposed with minimal protections.

Facebook users' data was compiled through a Facebook app called myPersonality - a personality quiz similar to the ThisIsYourDigitalLife app that Alexandr Kogan used to collect the data that would later be passed to Cambridge Analytica.

Included in the database were details including age, gender, location and relationship status for 4.3 million people, as well as 22 million status updates from 150,000 users, according to the New Scientist, which broke the news following an investigation it conducted.

The purpose of the quiz was to gather information on users' 'Big Five' personality traits - five broad factors that are used in some branches of psychology to analyse an individual's personality. The database included the 'Big Five' scores of 3.1 million Facebook users.

While their datasets were supposedly anonymised, with users' names stripped out prior to publication, the rest of their details were still linked, making it comparatively easy to determine the users' identity, according to the publication.

The men behind the project are Michal Kosinski and David Stillwell, two researchers from Cambridge University's Psychometrics Centre - although the university said that Stillwell created the app prior to his employment.

The data was made available to other researchers who wanted to use it in their own studies, with the proviso that they use it in such a manner that the data could not be traced back to the individual participants of the quiz, while researchers from private companies could use it for non-commercial purposes provided they agreed to be bound by strict data protection policies.

Researchers from Google, Microsoft and Yahoo registered to use the data, as well as academics from around 150 universities, totalling almost 300 people. However, one university lecturer apparently gave students the credentials to access the database as part of a course on analysing Facebook data.

The login details were then uploaded to GitHub, where they were easily accessible via a simple Google search, allowing anyone to access the database. The GitHub page remained up for around four years.

Facebook suspended the myPersonality quiz last month over concerns that the language describing how data was shared violates its terms of service, and has launched an investigation to determine if a violation has taken place. The Information Commissioner's Office is also examining the case, although an official investigation has not been announced.

Stillwell told the New Scientist that over the course of the project's lifespan, it has only experienced one data breach, saying "we believe that academic research benefits from properly controlled sharing of anonymised data among the research community".

The news comes after the Cambridge Analytica scandal, in which the US analytics firm allegedly siphoned millions of users' data from an app created by Cambridge professor Aleksandr Kogan to try to influence voters in the 2016 US presidential election.

It has raised questions around what third-parties do with Facebook users' data, and the lack of controls Facebook had in place to monitor their usage of such information. Last week Facebook revealed it has suspended 200 apps amid an investigation into whether third parties misused users' information.

Featured Resources

Four cyber security essentials that your board of directors wants to know

The insights to help you deliver what they need

Download now

Data: A resource much too valuable to leave unprotected

Protect your data to protect your company

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

Recommended

What is data and big data mining? An easy guide
Business strategy

What is data and big data mining? An easy guide

30 Sep 2020
DeviceSHIELD combats rising cyber attacks and online fraud amid COVID-19
Security

DeviceSHIELD combats rising cyber attacks and online fraud amid COVID-19

24 Nov 2020
350,000 Spotify users hacked in credential stuffing attack
Security

350,000 Spotify users hacked in credential stuffing attack

24 Nov 2020
WAPDropper malware hooks you up to premium telecoms services
Security

WAPDropper malware hooks you up to premium telecoms services

24 Nov 2020

Most Popular

Cisco acquires container security startup Banzai Cloud
Security

Cisco acquires container security startup Banzai Cloud

18 Nov 2020
macOS Big Sur is bricking some older MacBooks
operating systems

macOS Big Sur is bricking some older MacBooks

16 Nov 2020
46 million Animal Jam accounts leaked after comms software breach
Security

46 million Animal Jam accounts leaked after comms software breach

13 Nov 2020