According to Facebook, malicious quiz apps were used to harvest thousands of users’ profile data. Anyone who wants to take the quizzes are asked to install browser extensions, which then lift data ranging from names and profile pictures to private lists of friends. Facebook reported that these were installed about 63,000 times between 2016 and October 2018.
The quizzes, with titles such as ‘What does your eye colour say about you?’ and ‘Do people love you for your intelligence or your beauty?’, gained access to this information via the Facebook Login system – which enables connections between third party apps and Facebook profiles. While the system is intended to verify that such connections are secure, in this case, Facebook says users were falsely told the app would retrieve only a limited amount of public data from their profiles.
www.bbc.co.uk/technews (11th March 2019)