Skip to content
FOSSBYTES TECH SIMPLIFIED LOGO
Search
  • News
  • Xplained
  • Geek
  • Gaming
  • Streaming
  • Reviews
  • How To
  • Top X
  • Jobs
Menu
  • News
  • Xplained
  • Geek
  • Gaming
  • Streaming
  • Reviews
  • How To
  • Top X
  • Jobs
Facebook Twitter Instagram
Menu
  • News
  • Xplained
  • Geek
  • Gaming
  • Streaming
  • Reviews
  • How To
  • Top X
  • Jobs
FOSSBYTES TECH SIMPLIFIED LOGO
Search
Close
Join Us On Telegram
  • News, Tech

‘Facebook Login’ Feature Abused By Third-Party Trackers To Steal Data

  • Manisha Priyadarshini Manisha Priyadarshini
  • April 19, 2018
Tweet
Share
WhatsApp
facebook

A new investigation reports that Facebook’s Login feature can be used to steal user information when you sign into third-party websites using your Facebook ID. This loophole allows many advertising and analytics services to harvest data for ad-targeting.

The security researchers have found two types of vulnerabilities where third-parties:

  • piggyback on Facebook access granted to websites
  • track users around the web through Facebook Login service

The first is simple: when a user logs in with Facebook ID, not only that website gets access to user data, but also third parties embedded on that site.

This means that the website you are visiting and the third parties embedded on that website can extract your email address and “public profile” (name, age range, gender, locale, and profile photo).

Facebook Login misuse1
Image: Freedom To Tinker

In fact, they can do so without triggering a manual review by Facebook even after the recent changes brought by the company to tighten data security. Once the access is granted, any third-party Javascript embedded in the page can access your personal info.

The second vulnerability allows third-party trackers to deanonymize users by abusing iFrames for targeted advertising through Facebook Login. This violation of privacy is committed in a similar fashion mentioned above but it is a bit more complex.

Facebook Login Misuse2
Image: Freedom To Tinker

In this case, if a website allows a user to log in using Facebook API, malicious third party trackers can embed a hidden iFrame that could pull user data which is accessible to the embedded scripts on that website.

Thus, trackers can keep on collecting Facebook user data using the first party’s authorization and pass it to any malicious sites or advertising agencies.

However, the researchers said, “This unintended exposure of Facebook data to third parties is not due to a bug in Facebook’s Login feature. Rather, it is due to the lack of security boundaries between the first-party and third-party scripts in today’s web.”

But they emphasized that Facebook could have checked this abuse of data by reviewing its API and it should also prevent third-parties from accessing app-specific user ID and using it to find user profiles.

Also Read: Did Facebook Just Start The Blame Game? Says Google Also Sucks Your Data
Manisha Priyadarshini

Manisha Priyadarshini

An Editor and a Tech Journalist with a software development background. I am a big fan of technology and memes. At Fossbytes, I cover all aspects of tech but my specific area of interest is Programming and Development.
More From Fossbytes

Latest On Fossbytes

how to use chatgpt 4

How To Use ChatGPT 4 For Free?

OpenAI’s latest GPT-4 model!

4 Reasons Why AI Is A Great Career Choice For 2023

Great Reasons You Should Get A Job In Artificial Intelligence

AI – A game changer!

What Time Will Succession Season 4 Air On HBO Max? Can You Watch It For Free?

What Time Will Succession Season 4 Air On HBO Max? Can You Watch It For Free?

Name a more dysfunctional family than the Roys from HBO’s Succession. It’s difficult to compare Waystar RoyCO’s mogul Logan Roy

When & Where To Watch Yellowjackets Season 2?

When & Where To Watch Yellowjackets Season 2?

Buzz, Buzz! We already have a season 3.

lenovo ideapad gaming 3 gen 7 16 intel review RTX 3060

Lenovo IdeaPad Gaming 3i (2023) Review: A Great Mid-Range Gaming Laptop

Bang-for-the-buck gaming laptop powered by 12th Gen Intel Core i7-12700H processor and NVIDIA GeForce RTX 3060 GPU.

Xencelabs Medium Pen Tablet Review Hero

Xencelabs Pen Tablet Review: Watch out Wacom!

A worthy opponent?

Find your dream job

tech jobs board by fossbytes banner
  • About Us
  • Privacy Policy
  • Cookie Policy

Fossbytes

Facebook Twitter Instagram
  • Contact Us
  • Work With Us

find your dream job today

FOSSBYTES JOBS

Fossbytes Media Pvt Ltd © 2022

FOSSBYTES
Facebook Twitter Instagram

FIND YOUR DREAM JOB TODAY

FOSSBYTES JOBS
  • About Us
  • Privacy Policy
  • Cookie Policy
  • Contact Us
  • Work With Us

Fossbytes Media Pvt Ltd © 2022

pixel