Hackers Used Facebook Quizzes to Steal Data from 60,000 Users

iStock.com/bombuscreative
iStock.com/bombuscreative / iStock.com/bombuscreative

It’s been a tumultuous few months for Facebook. A data breach in fall 2018 exposed information about 30 million of its users to hackers. Only a few months later, the company was also criticized for paying individuals to voluntarily install an app that collected information about their smartphone habits. Now, it’s dealing with concerns that some of the quizzes available on the platform have been used to collect data from unsuspecting users.

According to CNN, the scheme is detailed in a lawsuit Facebook filed in California last week against developers Andrey Gorbachov and Gleb Sluchevsky. The defendants, who are based in Kiev, Ukraine, allegedly created quizzes like, “Do you have royal blood?” or “What does your eye color say about you?” as a way to access private user data. When Facebook users interacted with these tests, they were prompted to install browser extensions that allowed the alleged hackers to pose as those users, collecting information as well as taking control of their browsers. The improperly obtained information consisted of names, ages, and friend lists, which hackers then used for targeted advertising that they injected into users' feeds.

It’s possible the breach also resulted in the publication of 81,000 private messages in 2018, which was initially blamed on unspecified malware browser extensions that have not yet been publicly identified. Facebook has yet to confirm the two incidents are related, however.

Facebook said that the primary targets of the operation were Russian- and Ukrainian-speaking users, with 60,000 browsers compromised.

This isn't the only time Facebook quizzes have been tied to data breaches. Last year’s Cambridge Analytica controversy revealed that the firm used quizzes and questionnaires on Facebook to surreptitiously compile data on millions of users.

So what should you do about it? Online security experts caution against third-party apps that are accessed through Facebook. If you’re concerned about utilities that you installed without much thought, you can see a list by clicking on Settings, then the Apps link on the left menu. If you don’t recognize an app, it’s best to delete it.

[h/t CNN]