
Logging in with Facebook may let JavaScript trackers steal personal data


Using Facebook to log in to certain websites may open you up to data theft attacks if those sites also employ particular JavaScript trackers. Although the vast majority of sites that were found to contain the malicious trackers are relatively small operations, there are also quite a few that enjoy millions of regular visitors. Some of them are even in the top few hundred sites in the world for overall traffic.

This news first came to light as part of a report from Freedom to Tinker, the website of Princeton’s Center for Information Technology Policy. It highlighted that the vulnerability allowed third parties to piggyback on the Facebook login process to scrape usernames, email addresses, age ranges, genders, relative locations, and possibly even profile photos, as per Engadget.

In total, the report cited seven different scripts that were collecting user data using the Facebook access system. Those scripts were found in 434 of the top one million websites as ranked by Alexa. Some sites have responded to the news by disabling and removing the offending scripts, though many others are still susceptible to this particular exploit.

“Scraping Facebook user data is in direct violation of our policies,” a Facebook spokesperson said in a statement to Engadget. “While we are investigating this issue, we have taken immediate action by suspending the ability to link unique user IDs for specific applications to individual Facebook profile pages, and are working to institute additional authentication and rate limiting for Facebook Login profile picture requests.”

The report does suggest, however, that although Facebook could take steps to prevent this exploit from being viable, such as the previously announced anonymous login feature, the problem is more an indication of security problems in modern web standards than Facebook’s own fault.

Although the report authors admit that they don’t know how the scraped data is being used, this comes at a very poor time for Facebook. It is already embroiled in a scandal surrounding the harvesting of user data by companies like Cambridge Analytica, which purportedly used it for politically targeted adverts during a number of electoral campaigns over the past few years. Mark Zuckerberg even had to testify to Congress over the matter.

With the impending implementation of the GDPR, reports like this do little to curb fears about Facebook’s security and its handling of personal data.

Jon Martindale