“Login With Facebook” Lets Hackers Steal Your Facebook Profile

Facebook is investigating a security flaw that lets external JavaScript trackers get their hands on a Facebook profile’s data when a user logs in to a website using “Login With Facebook”.

In simple words, certain trackers are able to hack into a Facebook profile and steal data, using the “Login With Facebook” plugin.

These trackers – embedded into third-party websites – can get access to emails, usernames, age, gender, location, and photos.

According to TechCrunch, these abusive trackers have been found on 434 of the top 1 million websites, including MongoDB. Responding to the matter, a Facebook spokesperson said:

“Scraping Facebook user data is in direct violation of our policies. While we are investigating this issue, we have taken immediate action by suspending the ability to link unique user IDs for specific applications to individual Facebook profile pages, and are working to institute additional authentication and rate limiting for Facebook Login profile picture requests.”



Not Facebook’s Fault

Whenever someone logs into an external website by using Login With Facebook, these scripts can scrape account data during the process and store it for particular purposes.

Facebook is still recovering from the Cambridge Analytica case, and every day more data breach problems keep coming to attention. After all, the company had a lot of loopholes in its privacy protection policies and allowed third parties to access public data.

Security Updates

The social media giant did improve its security modules recently. However, many exploits, such as the newly discovered JavaScript scraper, keep coming to attention every now and then.

Reportedly, this bug is not really Facebook’s fault; it is “due to the lack of security boundaries between the first-party and third-party scripts in today’s web.” According to experts, for now the only way Facebook can fix this error is by regularly auditing who is accessing user data.
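The missing boundary quoted above means every script a site includes on a page that also loads the Facebook Login SDK runs in that page's own origin. As an added example (not from the article or from Facebook), a site owner could inventory those scripts as follows; the sample markup, the host names and the `auditLoginPage` helper are constructed for illustration.

```javascript
// Constructed sample markup for a site that offers "Login With Facebook".
const SAMPLE_PAGE_URL = 'https://shop.example/login';
const SAMPLE_HTML = `
<html><head>
<script src="/static/app.js"></script>
<script async src="https://connect.facebook.net/en_US/sdk.js"></script>
<script src="//cdn.tracker.example/t.js"></script>
<script src="https://cdn.tracker.example/extra.js"></script>
<script>window.dataLayer = [];</script>
</head></html>`;

// Hosts treated as the login provider's SDK (assumption for this example).
const LOGIN_SDK_HOSTS = new Set(['connect.facebook.net']);

// Return every <script src> on the page, resolved against the page URL.
// A regex scan is a simplification; a real audit would use an HTML parser.
function scriptSources(html, pageUrl) {
  const out = [];
  const re = /<script\b[^>]*?\bsrc\s*=\s*["']([^"']+)["'][^>]*>/gi;
  for (const m of html.matchAll(re)) {
    try { out.push(new URL(m[1], pageUrl)); } catch (e) { /* skip unparsable src */ }
  }
  return out;
}

// Classify scripts as first-party, login SDK, or other third-party hosts.
// Third-party scripts included this way execute in the page's own origin,
// so nothing separates them from the login SDK loaded beside them.
function auditLoginPage(html, pageUrl) {
  const pageHost = new URL(pageUrl).hostname;
  const report = { loginSdkPresent: false, firstParty: [], thirdPartyHosts: [] };
  const hosts = new Set();
  for (const u of scriptSources(html, pageUrl)) {
    if (LOGIN_SDK_HOSTS.has(u.hostname)) report.loginSdkPresent = true;
    else if (u.hostname === pageHost) report.firstParty.push(u.pathname);
    else hosts.add(u.hostname);
  }
  report.thirdPartyHosts = [...hosts].sort();
  // Hosts need review only when a login SDK shares the page with them.
  report.review = report.loginSdkPresent ? report.thirdPartyHosts : [];
  return report;
}

console.log(auditLoginPage(SAMPLE_HTML, SAMPLE_PAGE_URL));
```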

Via Engadget


