Another Facebook Breach Exposes Intimate Details of 3 Million People

We all know about how Cambridge Analytica, which harvested personal data through Facebook’s database, was caught a few months ago. A new shocking report somewhat related to this case has emerged which suggests that data of 3 million people gathered by another researcher has been available for free on the internet and could be downloaded by almost anybody for four years.

This time, the data was harvested through another personality app called myPersonality. New Scientist reported that this data harvest was overseen by University of Cambridge’s Psychometrics Center deputy director, David Stillwell for educational purposes and it was distributed among researchers over the web.

These scores are used in psychology to assess people’s characteristics, such as conscientiousness, agreeableness and neuroticism. The credentials also allowed access to 22 million status updates from over 150,000 users, alongside details such as age, gender and relationship status from 4.3 million people.

The personality test app was active from 2007 to 2012, it was a side project of David Stillwell and Michal Kosinski. Interestingly, Aleksandr Kogan was also previously a part of this project, however, do note that there’s no relation between Cambridge Analytica and the University of Cambridge even though they have similar names.


myPersonality was used by more than 6 million people who responded to its surveys and half of those users gave consent to the app to access their profiles.

By getting access, the app was able to monitor statuses, likes, demographics, and pretty much everything other than private messages or friends list. This app, however, respected anonymity and never disclosed names of the profiles. It distributed data solely for research purposes and never let the information be “traced back to the individual user”.


WhatsApp Co-Founder Leaves Facebook

Sensitive Info

This does not mean that the data was useless, it contained sensitive material and psychological tests that can easily be misused if they got into the wrong hands. “This type of data is very powerful and there is real potential for misuse,” said Online Privacy Foundation’s Chris Sumner.

To gain access, you would have to register as a trustworthy collaborator – more than 280 entities, from 150 institutions including Microsoft, Google, and Facebook signed up to get access to the full data. A permanent academic contract was required to get the full data, individuals with no such background were not entitled to access.

This data was stored unprotected and could be easily, albeit illegally, accessed by almost anyone with a computer and a working internet connection.


The data was crucial, even though the collectors assured that it could not be traced back to its owners, it was still quite possible for malicious users to narrow down their searches with the right tools and time due the poor security provisions.

“You could re-identify someone online from a status update, gender and date,” says Paul Dixon, from the World Privacy Forum

For those who were not entitled to myPersonality’s data, they could easily use someone else’s account credentials to get access to the rich database.

A lecturer posted his username and password on GitHub so that students can also use this data, anyone could use these credentials with minimal computer technique. When prompted, Stillwell defended his application by saying that,

myPersonality collaborators have published more than 100 social science research papers on important topics that advance our understanding of the growing use and impact of social networks. We believe that academic research benefits from properly controlled sharing of anonymised data among the research community.


Shocking: Here’s How Much Personal Data Facebook Has On You

Free Access

Facebook’s third-party data access did make it easier for users to connect, but also allowed critical leaks as information stored on its platform can be used for a number of purposes, both political and non-political, and is a vital asset for market researchers.

Facebook’s product partnerships VP, Ime Archibong said,

We suspended the myPersonality app almost a month ago because we believe that it may have violated Facebook’s policies. We are currently investigating the app, and if myPersonality refuses to cooperate or fails our audit, we will ban it.

The recent Cambridge Analytica allegations caused Facebook to overhaul its platform and get rid of hundreds of apps it found to be misusing data. myPersonality was removed off of the system during this overhaul but has been collecting data for quite some time now.

For a complete refresher on the Cambridge Analytica scandal, check out our previous coverage.

To read the full report by New Scientist, click this link.