Facebook informed that anyone who was taking those quizzes was asked to install a browser extension, which then collected data from the person's profile
There are several quiz apps in Facebook that everyone comes across – from which animal you are to what your dream destination will be – there is possibly every kind of quizzes out there on the social media site. Some of these apps are malicious and collects thousands of users’ profile data, Facebook said recently.
Facebook also informed that anyone who was taking those quizzes was asked to install a browser extension, which then collected data from the person’s profile – be it a name, profile picture or friends list. from 2016 to October 2018, these extensions were installed as many as 63,000 times.
Now the social media giant is suing two from a company called Web Sun Corp – Andrey Gorbachov and Gleb Sluchevsky of Ukraine for obtaining user information.
Two quizzes titled “Do people love you for your intelligence or your beauty?” and “What does your eye colour say about you?” which were accessed through Facebook Login enabled connections between the social media profiles and third-party apps.
Though the process of establishing this connection was secure, users were falsely told that the app would retrieve a limited amount of data, Facebook said. In court the company said, “Web Sun Corp compromised nearly 63,000 bowsers like this and caused $75,000 damages to Facebook.” The company accused Gorbachov and Sluchevsky of breaking US laws and breaching Facebook’s terms and conditions as well.
Andrew Dwyer, a cyber-security expert at the University of Oxford told BBC that the court document suggested that whoever installed the extensions opened up entry to their Facebook accounts. He also said, Facebook’s existing verification procedures probably have struggled to recognise this malicious activity before allowing the apps to access the user data.
The incident highlights ‘the failures of the app ecosystem’ where little verification is done to check what the apps are doing.