Facebook Fishing For Security Loops With Third Party Logins

Facebook has been keeping a check on security on its platform. After introducing snail-mail codes for fraud ads and other trust indicators to detect fake news, it now faces a data-tracking problem that gives users another reason to avoid logging in to other sites with their Facebook credentials.

How could the data be tracked?

Researchers at Princeton University stated that security could be breached on third-party platforms, where JavaScript can be used to track data through the “Login with Facebook” tool. They found that the login APIs used on such social media platforms can be manipulated by any third-party script through two different vulnerabilities.

What did the researchers find out?

  • There are 7 third-party companies abusing Facebook user data on websites that allow users to log in with their Facebook IDs. By signing in, users unknowingly end up trusting not only the website but also its third-party tools.
  • The websites were found to contain embedded scripts that, when a user logs into the account, access the user's ID, email address and gender. Out of the 7, 4 were using this method, which they called a “consumer data platform”.
  • The second vulnerability was found on the website of Bandsintown, where they were found to “deanonymize users”.

What did researchers have to say on this?

The researchers stated that the vulnerability was unintended and attributed it to “the lack of boundaries between the first-party and third-party scripts in today’s web.” Following this, Facebook said that it is working on the issue.
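
The missing boundary the researchers describe can be made visible by listing every externally hosted script that shares a page with the Facebook login SDK. The following is an added example, not code from the researchers or from Facebook; the sample markup, the host names in it and the function names are constructed for illustration.

```javascript
const FB_SDK_HOST = 'connect.facebook.net'; // host the Facebook JS SDK is served from

// True when `host` is the site itself or one of its subdomains.
function isFirstParty(host, siteHost) {
  return host === siteHost || host.endsWith('.' + siteHost);
}

// Inventory the external scripts in `html` as loaded from `pageUrl`.
function auditScripts(html, pageUrl) {
  const page = new URL(pageUrl);
  const siteHost = page.hostname.replace(/^www\./, '');
  const report = { loadsFacebookSdk: false, thirdParty: [], exposed: [] };
  const tagRe = /<script\b([^>]*)>/gi; // opening <script> tags only
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = m[1];
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(attrs);
    if (!src) continue; // inline script, written by the site itself
    const host = new URL(src[1], page).hostname; // resolves relative and // URLs
    if (host === FB_SDK_HOST) { report.loadsFacebookSdk = true; continue; }
    if (isFirstParty(host, siteHost)) continue;
    report.thirdParty.push({
      host,
      // Subresource Integrity pins the file's content, not what it may read.
      hasIntegrity: /\bintegrity\s*=/i.test(attrs),
    });
  }
  // Third-party scripts run with the same privileges as the page, so on a
  // page that loads the login SDK they can call whatever the SDK exposes.
  if (report.loadsFacebookSdk) report.exposed = report.thirdParty.map(s => s.host);
  return report;
}

// Constructed sample page (hypothetical hosts).
const SAMPLE_HTML = `
<script src="/static/app.js"></script>
<script async src="https://connect.facebook.net/en_US/sdk.js"></script>
<script src="//cdn.tracker.example/tag.js"></script>
<script src="https://widgets.example.net/w.js" integrity="sha384-PLACEHOLDER"></script>
<script>console.log('inline');</script>`;

console.log(auditScripts(SAMPLE_HTML, 'https://www.shop.example/login'));
```

Hosts listed under `exposed` are the ones a site owner would review, remove from login pages, or move into a sandboxed iframe on a separate origin.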
