At the time, Cambridge Analytica, a political data company hired during Donald Trump's campaign for the United States presidency, was revealed to have illegally purchased Facebook user data from a professor who had run a quiz application called "Thisisyourdigitallife." Subsequently, Facebook conducted an audit of third-party apps in May. As a result, approximately 200 applications were suspended.
But now it seems that Facebook is facing still more problems. According to Inti De Ceukelaire, an ethical hacker, the NameTests application has security flaws.
On Wednesday, De Ceukelaire described the process of reporting, through Facebook's new "Data Abuse Bounty Program," a vulnerability in the website behind the NameTests application. This bug may be just a mistake, or it may be an example of negligence, but either way it shows that Facebook has too little oversight of user data, and hackers can use this data to engage in various malicious activities.
The discovery of the NameTests vulnerability not only indicates that people still do not understand the third-party applications that can obtain their data but also suggests that there are problems with Facebook's "Data Abuse Bounty Program." De Ceukelaire stated that he had reported this issue on April 22, but it was not until eight days later that Facebook responded that it was investigating. By May 14, he had followed up to see whether Facebook had contacted the developers of NameTests; eight days later, Facebook acknowledged that it might take 3 to 6 months to investigate.
By June 25, De Ceukelaire noticed that NameTests had fixed this vulnerability. After he contacted Facebook, the company acknowledged that the vulnerability had been repaired and agreed to donate $8,000 to the Freedom of the Press Foundation as part of a reward package. In other words, according to De Ceukelaire, it took Facebook at least a month to solve the problem, and only as a last resort did it fulfill its promise of a reward.
Source: CNET