According to a post on Medium by the security researcher that discovered the flaw, Inti De Ceukelaire, "Nametests.com, the website behind the quizzes, recently fixed a flaw that publicly exposed information of their more than 120 million monthly users — even after they deleted the app
. . . .
- Who was affected?
According to Facebook, NameTests has more than 120 million active monthly users. I have no insights in how many users have given their data to the app since their launch early 2015. It is important to note that if this flaw was ever abused, only the users that actually visited the attacker’s website would have their data leaked to the attacker.
- What Data could have been leaked?
- What data could have been leaked after the app was deleted?
If you ever took a quiz and removed the app afterwards, external websites would still be able to read your facebook id, first name, last name, language, gender, date of birth. You could have only prevented this from happening if you manually deleted your cookies, as the website does not offer a logout functionality."