Logging in with Facebook may let Javascript trackers steal personal data

javascript trackers steal facebook data facebookprivacy01

Using Facebook to login to certain websites may open you up to data theft attacks if those sites also employ particular Javascript trackers. Although the vast majority of sites that were found to contain the malicious trackers are relatively small operations, there are also quite a few that enjoy millions of regular visitors. Some of them are even in the top few hundred sites in the world for overall traffic.

This news first came to light as part of a report from the Princeton’s Center for Information Technology Policy website, Freedom to Tinker. It highlighted that the vulnerability allowed third parties to piggyback the Facebook login process to scrape usernames, email addresses, age ranges, genders, relative locations, and possibly even profile photos, as per Engadget.

In total the report cited seven different scripts that were collecting user data using the Facebook access system. Those scripts were found in 434 of the top one million websites as ranked by Alexa. Some sites have responded to the news by disabling and removing the offending scripts, though many others are still susceptible to this particular exploit.

“Scraping Facebook user data is in direct violation of our policies,” a Facebook spokesperson said in a statement to Engadget. “While we are investigating this issue, we have taken immediate action by suspending the ability to link unique user IDs for specific applications to individual Facebook profile pages, and are working to institute additional authentication and rate limiting for Facebook Login profile picture requests.”

The report does suggest, however, that although Facebook could take steps to prevent this exploit from being viable — such as the previously announced anonymous login feature — that this problem was more of an indication of security problems in modern web standards, than Facebook’s own fault.

Although the report authors admit that they don’t know how the scraped data is being used, this comes at a very poor time for Facebook. It is already embroiled in a scandal surrounding the harvesting of user data by companies like Cambridge Analytica, which purportedly used it for politically targeted adverts during a number of electoral campaigns over the past few years. Mark Zuckerberg even had to testify to Congress over the matter.

With the impending implementation of the GDPR, reports like this do little to curb fears of Facebook security and handling of personal data.


Is your PC safe? Foreshadow is the security flaw Intel should have predicted

Three new processor vulnerabilities have appeared under the 'Foreshadow' banner. They're similar in nature to Meltdown and Spectre, only they steal data from different memory spaces. Here's everything you need to know.

Australian student hacks into Apple, steals 90GB of data because he’s a ‘fan’

A 16-year-old student in Australia broke into Apple’s network multiple times for an entire year to download 90GB of “secure” data and access customer accounts. He did this because he was a "fan."
Social Media

New deal suggests Facebook is looking to add sweet interactive tools for Live

Facebook now owns a company that specializes in creating interactive live video experiences with polls, viewer comments, and more. Vidpresso says the change will help it bring the interactive tools to more users.
Social Media

Instagram hackers are changing account info into Russian email addresses

Have you logged in to your Instagram lately? A hack circulating this month has Instagram users locked out of their accounts because a hacker changed all the profile data, according to a report.

Network routers with roaming enabled are likely susceptible to a new attack

Jens Steube discovered a new method to break into network routers while researching new ways to attack the WPA3 security standard. He stumbled onto an attack technique capable of cracking hashed WPA-PSK passwords.

Saving your favorite YouTube videos for posterity is quick, easy with these tools

Learning how to download YouTube videos is easier than you might think. There are plenty of great tools you can use, both online and offline. These are our favorites and a step by step guide on how to use them.

Hacker plays ‘Doom’ on John McAfee’s ‘unhackable’ BitFi Bitcoin wallet

The BitFi hardware cryptocurrency wallet isn't as unhackable as John McAfee claims. A 15-year-old bedroom hacker has managed to get Doom running on the device, suggesting its days may soon be numbered.

Having issues with Microsoft Edge? Here's how to fix the most common problems

If you're feeling frustrated with Microsoft Edge, or have run into a serious problem with Windows 10's built-in browser, take a look at these common issues and the solutions that can help you get back on track.

Spotify vs. Pandora: Which music streaming service is better for you?

Which music streaming platform is best for you? We pit Spotify versus Pandora, two mighty streaming services with on-demand music and massive catalogs, comparing every facet of the two services to help you decide which is best.

The best place to print photos online: Seven top photo labs

Have you been looking around for the best place to print out your favorite photos online? Don't fret, we've pored through dozens of options and narrowed it down to the seven best.

The browser-based Monero miner Coinhive generates around $250,000 each month

Despite a fall in cryptocurrency mining, the Coinhive Monero miner is still highly active, generating around $250,000 each month. Coinhive also contributes 1.18 percent of the total mining power behind the Monero blockchain.

The Andromeda botnet still lingers as nations struggle to clean infected PCs

A report by Fortinet suggests that although the FBI and Europe ended the Andromeda botnet’s reign in late 2017, there are still infected PCs. Cleaning up these PCs isn’t progressing at the same pace across various regions.

FatCam: Museum of London’s livestream of a rancid hunk of sewage proves popular

A London museum put part of a fatberg on display earlier this year and the putrid muck proved to be a surprise hit with visitors. Keen to share it with a wider audience, the fatberg is now starring in its very own livestream.

Wikipedia taps streetwear brand to design fundraising apparel

What's white, features the WIkipedia logo, and has the words "internet master" emblazoned on one side? Why, it's a shirt designed by a streetwear brand to raise funds for the internet's most popular encyclopedia.