While Facebook continues its public attempt to recover from the Cambridge Analytica scandal, it appears a new, unrelated leak on the social media network exposed the data of around 3 million people.

pixinoo / Shutterstock.com

Data from the Facebook personality quiz app myPersonality was left exposed online for years, New Scientist reports. The data included “answers to intimate questionnaires” and the personal results of psychological tests.

According to the report, data from the app that was given to researchers was distributed through “a website with insufficient security provisions.” The data was “relatively easy” to access for four years, as the publicly available username and password could be found on popular code-sharing website GitHub with one simple web search.

[Facebook plans on adding a Clear History feature to its platform this year.]

New Scientist reports that “More than 6 million people completed the tests on the myPersonality app and nearly half agreed to share data from their Facebook profiles with the project.” Though the data was anonymized, it appeared to be done in a questionable way that was easy to reverse — to de-anonymize.

Facebook’s Ongoing Response

Facebook is in the middle of a massive app investigation and audit of its own, and recently announced that it has reviewed thousands of apps so far, and has suspended 200 of those apps for possible data misuse. myPersonality was reportedly suspended last month.

It certainly appears the Cambridge Analytica scandal was just the beginning of a great reckoning for Facebook and its apps, with hundreds of apps found to possibly misusing data before the investigation is even complete.

Attorney Richard Fields, who is one of many lawyers suing Facebook over the Cambridge Analytica scandal, gave an interview to the National Law Journal, in which he said this “this could be the largest data breach in history.”

“There were over 10,000 applications operating on the Facebook platform, and it appears as if they may just be scratching the surface of the problem with the Cambridge Analytica problem,” Fields told the National Law Journal.