Facebook

Data from millions of Facebook users who used a popular personality app was left exposed online for anyone to access.

Academics at the University of Cambridge distributed the data from the personality quiz app myPersonality to hundreds of researchers via a website with insufficient security provisions.

It led to it being left vulnerable to access for four years & gaining access illicitly was relatively easy.

The data was highly sensitive, revealing personal details of Facebook users, such as the results of psychological tests.

Facebook suspended myPersonality from its platform saying the app may have violated its policies due to the language used in the app and on its website to describe how data is shared.

More than 6 million people completed the tests on the myPersonality app and nearly half agreed to share data from their Facebook profiles with the project.

All of this data was then scooped up and the names removed before it was put on a website to share with other researchers.

Source: https://www.newscientist.com/article/2168713-huge-new-facebook-data-leak-exposed-intimate-details-of-3m-users/

TPRM report: https://scoringcyber.rankiteo.com/company/facebook

"id": "fac02721722",
"linkid": "facebook",
"type": "Data Leak",
"date": "05/2018",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'customers_affected': 6000000,
                        'industry': 'Technology',
                        'name': 'Facebook',
                        'type': 'Social Media Platform'}],
 'attack_vector': 'Insufficient Security Provisions',
 'data_breach': {'number_of_records_exposed': 6000000,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personal details',
                                              'Psychological test results']},
 'description': 'Data from millions of Facebook users who used the '
                'myPersonality app was left exposed online for anyone to '
                'access due to insufficient security provisions.',
 'impact': {'data_compromised': ['Personal details',
                                 'Psychological test results']},
 'title': 'Data Breach of myPersonality App on Facebook',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Inadequate data protection measures'}

Facebook

Ingram Micro Holding Corporation

Louis Vuitton

WideOpenWest (WOW!)