Skip to content
FOSSBYTES TECH SIMPLIFIED LOGO
Search
  • News
  • Explained
  • Geek
  • Gaming
  • Streaming
  • How To
  • Top X
  • Tools
  • Jobs
Menu
  • News
  • Explained
  • Geek
  • Gaming
  • Streaming
  • How To
  • Top X
  • Tools
  • Jobs
Facebook Twitter Instagram
Menu
  • News
  • Explained
  • Geek
  • Gaming
  • Streaming
  • How To
  • Top X
  • Tools
  • Jobs
FOSSBYTES TECH SIMPLIFIED LOGO
Search
Close
Join Us On Telegram

  • News, Tech

‘Facebook Login’ Feature Abused By Third-Party Trackers To Steal Data

  • Manisha Priyadarshini Manisha Priyadarshini
  • April 19, 2018
Share on twitter
Tweet
Share on facebook
Share
Share on whatsapp
WhatsApp
facebook

A new investigation reports that Facebook’s Login feature can be used to steal user information when you sign into third-party websites using your Facebook ID. This loophole allows many advertising and analytics services to harvest data for ad-targeting.

The security researchers have found two types of vulnerabilities where third-parties:

  • piggyback on Facebook access granted to websites
  • track users around the web through Facebook Login service

The first is simple: when a user logs in with Facebook ID, not only that website gets access to user data, but also third parties embedded on that site.

This means that the website you are visiting and the third parties embedded on that website can extract your email address and “public profile” (name, age range, gender, locale, and profile photo).

Facebook Login misuse1
Image: Freedom To Tinker

In fact, they can do so without triggering a manual review by Facebook even after the recent changes brought by the company to tighten data security. Once the access is granted, any third-party Javascript embedded in the page can access your personal info.

The second vulnerability allows third-party trackers to deanonymize users by abusing iFrames for targeted advertising through Facebook Login. This violation of privacy is committed in a similar fashion mentioned above but it is a bit more complex.

Find your dream job

Facebook Login Misuse2
Image: Freedom To Tinker

In this case, if a website allows a user to log in using Facebook API, malicious third party trackers can embed a hidden iFrame that could pull user data which is accessible to the embedded scripts on that website.

Thus, trackers can keep on collecting Facebook user data using the first party’s authorization and pass it to any malicious sites or advertising agencies.

However, the researchers said, “This unintended exposure of Facebook data to third parties is not due to a bug in Facebook’s Login feature. Rather, it is due to the lack of security boundaries between the first-party and third-party scripts in today’s web.”

But they emphasized that Facebook could have checked this abuse of data by reviewing its API and it should also prevent third-parties from accessing app-specific user ID and using it to find user profiles.

Also Read: Did Facebook Just Start The Blame Game? Says Google Also Sucks Your Data
Manisha Priyadarshini

Manisha Priyadarshini

An Editor and a Tech Journalist with a software development background. I am a big fan of technology and memes. At Fossbytes, I cover all aspects of tech but my specific area of interest is Programming and Development.

Find your dream job

More From Fossbytes

Latest On Fossbytes

couple watching tv pointing remote controller

8 Best Free Putlocker Alternatives To Watch Movies & Series In 2022

Android 13 beta 2.1 released

The Android 13 Beta 2.1 Update Squashes Some Bugs

iPhone 14 Launch May Be Delayed Because Of China's Lockdowns

iPhone 14 Launch May Be Delayed Due to China’s Lockdowns

eighth weekly tech roundup featured image

Anti-Tank E-Bikes, Big Tech Dip, And More: Weekly Tech Roundup

What’s Coming To Netflix First Week In June 2022: June 1 – June 5

What’s Coming To Netflix First Week In June 2022: June 1 – June 5

Work at your dream company with Fossbytes Jobs

FOSSBYTES
  • About Us
  • Privacy Policy
  • Cookie Policy
Facebook Twitter Instagram
  • Contact Us
  • Work With Us

Learn Something New Today

Academy

Fossbytes Media Pvt Ltd © 2022

FOSSBYTES
Facebook Twitter Instagram

Learn Something New Today

Academy
  • About Us
  • Privacy Policy
  • Cookie Policy
  • Contact Us
  • Work With Us

Fossbytes Media Pvt Ltd © 2022