In simple terms, certain trackers can hack into a Facebook profile and steal data by using the “Login With Facebook” plugin.
These trackers – embedded into third-party websites – can get access to emails, usernames, age, gender, location, and photos.
According to TechCrunch, these abusive trackers have been found on 434 of the top 1 million websites, including MongoDB. Facebook responded to the matter; a spokesperson said:
“Scraping Facebook user data is in direct violation of our policies. While we are investigating this issue, we have taken immediate action by suspending the ability to link unique user IDs for specific applications to individual Facebook profile pages, and are working to institute additional authentication and rate limiting for Facebook Login profile picture requests.”
Not Facebook’s Fault
Whenever someone logs in to an external website using Login With Facebook, these scripts can scrape account data during the process and store it for particular purposes.
Facebook is still recovering from the Cambridge Analytica case, and every day more data breach problems come to light. After all, the company had a lot of loopholes in its privacy protection policies and allowed third parties to access public data.
Reportedly, this bug is not really Facebook’s fault; it is “due to the lack of security boundaries between the first-party and third-party scripts in today’s web.” For now, according to experts, the only way Facebook can fix this error is by regularly auditing who is accessing user data.
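The missing boundary between first-party and third-party scripts can be made visible from the site owner's side. The following is an added example, not code from the original article or from Facebook: it inventories the external scripts that load directly into a page alongside the Facebook SDK. The sample HTML, the `shop.example` host names and the function names `auditScripts` and `report` are constructed for illustration; `connect.facebook.net` is assumed as the SDK host.

```javascript
// Added example: list external scripts that share a page's first-party context.
// Regex-based scan for a quick inventory; it is not a full HTML parser.
const FB_SDK_HOST = 'connect.facebook.net'; // assumed host of Facebook's JavaScript SDK

// Constructed sample page; every host name in it is made up for illustration.
const SAMPLE_HTML = `
<script src="/js/app.js"></script>
<script async src="https://connect.facebook.net/en_US/sdk.js"></script>
<script src="https://static.shop.example/ui.js"></script>
<script src="//cdn.tracker.example/t.js"></script>
<script src="https://ads.example/tag.js"></script>
<script>window.appReady = true;</script>`;

// Returns one record per <script src=...> tag found in the markup.
function auditScripts(html, pageUrl) {
  const pageHost = new URL(pageUrl).hostname;
  const findings = [];
  const tagRe = /<script\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(m[1]);
    if (!src) continue; // inline script: authored by the site itself
    // Resolve relative and protocol-relative URLs against the page URL.
    const host = new URL(src[1], pageUrl).hostname;
    // Assumption: the page host and its subdomains count as first party.
    const thirdParty = host !== pageHost && !host.endsWith('.' + pageHost);
    findings.push({ host, thirdParty, isFacebookSdk: host === FB_SDK_HOST });
  }
  return findings;
}

// Summarises which third-party hosts run next to the Facebook SDK.
function report(html, pageUrl) {
  const findings = auditScripts(html, pageUrl);
  const usesFacebookLogin = findings.some((f) => f.isFacebookSdk);
  const review = findings
    .filter((f) => f.thirdParty && !f.isFacebookSdk)
    .map((f) => f.host);
  // Each host in `review` executes with the same page privileges as the SDK.
  return { usesFacebookLogin, review: [...new Set(review)].sort() };
}

console.log(report(SAMPLE_HTML, 'https://shop.example/login'));
```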