{"id":4901,"date":"2018-07-01T14:13:45","date_gmt":"2018-07-01T14:13:45","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles\/"},"modified":"2018-07-01T14:13:45","modified_gmt":"2018-07-01T14:13:45","slug":"facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles\/","title":{"rendered":"Facebook shells out $8k bug bounty after quiz web app used by 120m people spews profiles"},"content":{"rendered":"<p>Facebook has forked out an $8,000 reward after a security researcher flagged up a third-party web app that potentially exposed up to 120 million people&#8217;s personal information from their Facebook profiles.<\/p>\n<p>This is quite possibly <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.facebook.com\/BugBounty\/posts\/2117617158252499\">the first cash payment<\/a> under the social network giant&#8217;s new data abuse bug bounty program.<\/p>\n<p>The under-fire Silicon Valley goliath introduced the <a target=\"_blank\" href=\"https:\/\/www.theregister.co.uk\/2018\/04\/10\/facebook_look_at_our_latest_shiny_thing_that_proves_were_taking_this_seriously\/\">bug bounty program<\/a> in April after the Cambridge Analytica data-harvesting scandal. It offered a minimum of $500 \u2013 and no maximum \u2013 for anyone that provided proof that a third-party app had collected and transferred Facebook profile data to other parties. It is also a handy PR move by the biz.<\/p>\n<p>Given that it\u2019s only been two months since the scheme was launched and these kinds of investigations can take up to six months, it\u2019s likely that this payout is the first, though Facebook have yet to confirm that this is the case, along with how many other reports are being investigated.<\/p>\n<p>The bounty was awarded after self-described ethical hacker Inti De Ceukelaire found the quiz app at Nametests.com potentially exposed the data of more than 120 million monthly users.<\/p>\n<h3 class=\"crosshead\"><span>Grabby code<\/span><\/h3>\n<p>In a <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/medium.com\/@intideceukelaire\/this-popular-facebook-app-publicly-exposed-your-data-for-years-12483418eff8\">blog post yesterday<\/a>, De Ceukelaire said the web app fetched his personal data and stored it at <code>nametests.com\/appconfig_user<\/code>, and was available for other sites to swipe it while he remained logged in. \u201cIn theory, every website could have requested this data,\u201d he said.<\/p>\n<div class=\"promo_article\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2017\/10\/13\/catching_money_shutterstock.jpg?x=174&amp;y=115&amp;crop=1\" width=\"174\" height=\"115\" alt=\"Trying to catch money in a net\"\/><\/p>\n<h2 title=\"As Cambridge Analytica launches new site 'CambridgeFacts'\">Facebook: Look at our latest bug bounty that proves we&#8217;re serious!<\/h2>\n<p><a href=\"https:\/\/www.theregister.co.uk\/2018\/04\/10\/facebook_look_at_our_latest_shiny_thing_that_proves_were_taking_this_seriously\/\"><span>READ MORE<\/span><\/a><\/div>\n<p>Essentially, a malicious webpage in another tab can request the above URL to grab your profile details, once you&#8217;ve connected Nametests to your Facebook account. The app attempts to work out &#8220;what does your name really mean?&#8221;<\/p>\n<p>Information revealed included first name, last name, language, gender and birth date \u2013 all of which would remain accessible even after the app was disconnected from a Facebook account. In addition, a token also gave access to all the data the user had authorised the application to access, which might include photos, posts or friend lists.<\/p>\n<p>\u201cI was shocked to see that this data was publicly available to any third-party that requested it,\u201d said De Ceukelaire.<\/p>\n<p>To demonstrate that the information could be nabbed, De Ceukelaire set up a website that connects to NameTests and gains access to a person\u2019s posts, photos, and friends for up to two months. Here&#8217;s a video demonstrating the slurp:<\/p>\n<p><a href=\"https:\/\/www.youtube.com\/watch?v=VjbHWOwtCf0\" data-media=\"x-videoplayer\">Youtube Video<\/a><\/p>\n<p>NameTests was launched in 2015, and De Ceukelaire reckons the flaw was present since 2016, and, as the app claims some 120 million users each month, it could have affected a large number of people.<\/p>\n<p>\u201cAbusing this flaw, advertisers could have targeted (political) ads based on your Facebook posts and friends,\u201d the researcher said. \u201cMore explicit websites could have abused this flaw to blackmail their visitors, threatening to leak your sneaky search history to your friends.\u201d<\/p>\n<p>However, as De Ceukelaire pointed out, it isn&#8217;t clear how many people, if any, have been affected, noting also that only users that visited an attacker&#8217;s website would have their data leaked to the attacker.<\/p>\n<h3 class=\"crosshead\"><span>An early starter<\/span><\/h3>\n<p>De Ceukelaire reported the bug on April 22, just 12 days after bug bounty program was announced, and this week spotted that NameTests had changed the way it processed data, with third parties no longer able to download the information.<\/p>\n<p>On contacting the Zuckerborg, the biz agreed to pay a bounty of $4,000, which it doubled because De Ceukelaire had requested it be given to non-profit the Freedom of the Press Foundation (every chance for a good PR opp, eh?).<\/p>\n<p>Ime Archibong, veep of product partnerships at Facebook, said: \u201cA researcher brought the issue with the\u00a0nametests.com\u00a0website to our attention through our Data Abuse Bounty Program that we launched in April to encourage reports involving Facebook data. We worked with\u00a0nametests.com\u00a0to resolve the vulnerability on their website, which was completed in June.\u201d<\/p>\n<p>However, the presence of such a simple flaw raises questions about Facebook&#8217;s screening processes, as basic security tests should have spotted the problem.<\/p>\n<h3 class=\"crosshead\"><span>No foul on our part<\/span><\/h3>\n<p>For its part, NameTests.com has a set of guarantees on its feedback page, which includes that data will never been sold to third parties, that users can unsubscribe at any time and that it complies with &#8220;strict data protection laws.&#8221;<\/p>\n<p>In a statement to <em>El Reg<\/em>, it said that data security was taken very seriously and measures were being taken to avoid risks in the future. It added: &#8220;The investigation found that there was no evidence that personal data of users was disclosed to unauthorised third parties and all the more that there was no evidence that it had been misused.&#8221;<\/p>\n<p>Meanwhile, Facebook is undertaking a wider probe into apps that accessed user data before the firm announced changes to its Graph API use policies in 2014 \u2013 this is at the heart of the Cambridge Analytica scandal because it allowed the app developed by GSR to suck up info on not just a user, but also all of their friends.<\/p>\n<p>Last month, the tech giant offered a <a target=\"_blank\" href=\"https:\/\/www.theregister.co.uk\/2018\/05\/14\/facebook_suspends_200_apps_probe\/\">progress update<\/a>, saying that it had suspended 200 apps &#8220;pending a thorough investigation into whether they did in fact misuse any data.&#8221;<\/p>\n<p>The biz has promised to notify users if there is evidence of any apps misusing data. \u00ae<\/p>\n<p class=\"wptl btm\"><span>Sponsored:<\/span> <a href=\"https:\/\/go.theregister.co.uk\/tl\/1759\/shttp:\/\/www.mcubed.london\/\">Minds Mastering Machines &#8211; Call for papers now open<\/a><\/p>\n<p>READ MORE <a href=\"http:\/\/go.theregister.com\/feed\/www.theregister.co.uk\/2018\/06\/28\/facebook_data_abuse_bug_bounty\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Infosec bod shops NameTests, claims leaky code exposes info Facebook has forked out an $8,000 reward after a security researcher flagged up a third-party web app that potentially exposed up to 120 million people&#8217;s personal information from their Facebook profiles.\u2026  READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":4902,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-4901","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Facebook shells out $8k bug bounty after quiz web app used by 120m people spews profiles 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Facebook shells out $8k bug bounty after quiz web app used by 120m people spews profiles 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-07-01T14:13:45+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/07\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"174\" \/>\n\t<meta property=\"og:image:height\" content=\"115\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Facebook shells out $8k bug bounty after quiz web app used by 120m people spews profiles\",\"datePublished\":\"2018-07-01T14:13:45+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles\\\/\"},\"wordCount\":910,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/07\\\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles.jpg\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles\\\/\",\"name\":\"Facebook shells out $8k bug bounty after quiz web app used by 120m people spews profiles 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/07\\\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles.jpg\",\"datePublished\":\"2018-07-01T14:13:45+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/07\\\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/07\\\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles.jpg\",\"width\":174,\"height\":115},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Facebook shells out $8k bug bounty after quiz web app used by 120m people spews profiles\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Facebook shells out $8k bug bounty after quiz web app used by 120m people spews profiles 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles\/","og_locale":"en_US","og_type":"article","og_title":"Facebook shells out $8k bug bounty after quiz web app used by 120m people spews profiles 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2018-07-01T14:13:45+00:00","og_image":[{"width":174,"height":115,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/07\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Facebook shells out $8k bug bounty after quiz web app used by 120m people spews profiles","datePublished":"2018-07-01T14:13:45+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles\/"},"wordCount":910,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/07\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles.jpg","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles\/","url":"https:\/\/www.threatshub.org\/blog\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles\/","name":"Facebook shells out $8k bug bounty after quiz web app used by 120m people spews profiles 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/07\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles.jpg","datePublished":"2018-07-01T14:13:45+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/07\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/07\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles.jpg","width":174,"height":115},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/facebook-shells-out-8k-bug-bounty-after-quiz-web-app-used-by-120m-people-spews-profiles\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Facebook shells out $8k bug bounty after quiz web app used by 120m people spews profiles"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/4901","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=4901"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/4901\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/4902"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=4901"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=4901"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=4901"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}