In a Medium post, De Ceukelaire notes that the javascript could potentially leak your Facebook ID, your first and last name and the language you speak, along with your gender, date fo birth, profile picture, cover photo, currency, the devices you use, the last update of your information, posts and statuses and your photos and friends. He also reports that this data had been publicly exposed since at least the latter part of 2016.

The researcher set up a website that would request information from the javascript that NameTests.com stored all the data it pulled from people who took quizzes like "Which Disney Princess Are You?" He found that it only took one visit to get access to someone's personal information for up to two months. He also provided video proof of the process, as embedded below. De Ceukelaire reported the issue to Facebook's Data Abuse program in April. NameTests.com apparently fixed the problem a few days ago, on June 25th. On the 27th, Facebook awarded him a $4,000 bug bounty, which was doubled when he donated it to charity, and wrote a post on its Bug Bounty page: "We appreciate Inti's work to identify this issue and Social Sweethearts' quick action to fix it on their site. This is exactly why we launched our Data Abuse Bounty Program in April: to reward people for reporting potential problems."