Facebook investigating more security vulnerabilities with third-party logins

After a whistleblower suggested that many personality quiz apps are designed to track user data, Facebook users have yet another reason to avoid logging in with Facebook credentials. Researchers at Princeton University say lax security could allow third-party platforms to use JavaScript trackers to abuse data on some websites using the “login with Facebook” tool. In a report published on the Freedom to Tinker website hosted by the Center for Information Technology Policy at Princeton Unversity, researchers suggest social login APIs can be abused by third-party scripts through two different vulnerabilities.

The researchers found seven third-party companies accessing Facebook user data through a tool allowing users to log into websites using their Facebook ID. The report suggests that signing in with a social account unknowingly allows the user to trust not just that website, but third-party tools on that same website. 

The group found scripts embedded in websites that, when a user logs in with a Facebook account, will access the user ID and, depending on the script, other data like email addresses and even gender. The team wasn’t able to determine just how the information is used, but four of those third-party platforms run what they called a “consumer data platform.” A fifth runs cross-device tracking.

The team managed to find the scripts that caused the vulnerability installed on 434 websites out of the top 1 million sites on the web. One of those sites, MongoDB, a cloud database, has already corrected the script.

The group found fewer instances of the second type of vulnerability, but said that third-party trackers could “deanonymize users.” This type of script was found on Bandsintown, where an iFrame could be used for other websites to embed data from the music platform. The iFrame could pass user data, including identifying data, onto malicious websites accessing that iFrame. Bandsintown says the vulnerability has now been corrected.

The researchers call the vulnerability unintended, but also say that it’s “the lack of boundaries between the first-party and third-party scripts in today’s web,” not because of a bug. Facebook says that they are investigating the report.

The report is just one of the third-party vulnerabilities Facebook is currently investigating. After Cambridge Analytica, the platform is conducting audits on third-party apps using the Facebook API. Both the website scripts and the third-party apps required users to log in with their Facebook credentials.


Think iPhones can’t get viruses? Our expert explains why it could happen

If your iPhone has been acting strangely, then you may be concerned about the possibility it is infected with a virus or some malware. We take a look at just how likely that is and explain why iOS is considered relatively safe.
Social Media

Facebook axes alleged discriminatory targeting of ads after civil settlements

Facebook advertisers can no longer use targeting for age, gender or zip code when advertising in the housing, jobs, and credit categories. The changes come as part of a civil settlement, following earlier changes to remove racial targeting.

After fourth attack, hacker puts personal records of 26M people up for sale

A serial hacker going by the name of Gnosticplayers is selling the personal data of 26 million people who have been using the services of six different companies from across the world.
Social Media

Federal investigation digs into Facebook’s data-sharing deals

Facebook confirmed it is cooperating with a federal criminal investigation. According to a report, the company is under investigation for sharing user data with smartphone and tablet companies.
Social Media

Twitter takes a cue from Instagram and Snapchat with new quick-swipe camera

Twitter is giving the "what's happening" treatment to photos and video by allowing users to access the in-app camera fast enough to catch and share the moment. The new Twitter camera is now accessible with a swipe.
Social Media

Yep, it’s not just you. Facebook, Instagram, and WhatsApp are down for many

Facebook's family of apps has been suffering issues for much of the day. Instagram, WhatsApp, Facebook Messenger, and Facebook itself have been out of action for users around the world, with the company scrambling to sort it out.
Social Media

Facebook may soon let you watch live TV with friends in Watch Party

Facebook Watch Party is designed to allow friends to watch together, even when they can't be in the same physical space. Now, that feature could be expanding to include live TV. Facebook announced a test of the feature, starting with live…
Social Media

Facebook explains its worst outage as 3 million users head to Telegram

Facebook, if you didn't already know it, suffered a bit of an issue on Wednesday, March 13. An issue that took down not only its social networking site, but also Instagram, WhatsApp, and Messenger. On Thursday it offered an explanation.

Snapchat could soon let you play games in between your selfies

If a new report is accurate, Snapchat will be getting an integrated gaming platform in April. The platform will feature mobile games form third-party developers, and one publisher is already signed on.
Social Media

Twitter is testing a handy subscription feature for following threads

Twitter has recently started testing a feature that lets you subscribe to a thread so that you’ll no longer need to like a comment or post to it yourself in order to receive notifications of new contributions.
Social Media

Your Google+ public content will remain viewable on the web, if you want it to

Google's failed social network — Google+ — will soon be wiped from the internet, but there's a team of volunteers working right now to save its public content for the Internet Archive.

There’s more space on MySpace after ‘accidental’ wipe of 50 million songs

MySpace is no longer a safe refuge for music and media produced in the 2000s. It said that almost any artistic content uploaded to the site between 2003 and 2015 may have been lost as part of a server migration last year.

Intel and Facebook team up to give Cooper Lake an artificial intelligence boost

Intel's upcoming Cooper Lake microarchitecture will be getting a boost when it comes to artificial intelligence processes, thanks to a partnership with Facebook. The results are CPUs that are able to work faster.
Social Media

New Zealand attack shows that as A.I. filters get smarter, so do violators

The shootings in Christchurch, New Zealand were livestreamed to social media, and while stats show networks are improving at removing offending videos, as the system improves, so do the violators' workarounds.