This popular Facebook app publicly exposed your data for years

According to, if I were a Disney Princess, I would be Jasmine.
In theory, every website could have requested this data. Note that the data also includes a ‘token’ which gives access to all data the user authorised the application to access, such as photos, posts and friends.
NameTests wants to know who you are so they ask, but any other website could do that as well.
An unauthorised website getting access to my Facebook information

Timeline of events:

On April, 22nd, I reported this to Facebook’s Data Abuse program.


  • How many users were affected?
There are so many NameTests pages that I only published the ones with +1M likes.
  • How long did this flaw exist?
  • Did NameTests know about this?
  • Was this flaw ever discovered by someone else?
  • What data could have been leaked?
  • What data could have been leaked after the app was deleted?
  • How can I protect myself from against these kind of leaks?



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Inti De Ceukelaire

Inti De Ceukelaire

Hacker @securinti | Head of Hackers @intigriti