Skip to main content
Black Listed News
Trending Articles:
Trending Articles:

Login With Facebook data hijacked by JavaScript trackers

Published: April 20, 2018
Share | Print This


Source: Tech Crunch

Facebook confirms to TechCrunch that it’s investigating a security research report that shows Facebook user data can be grabbed by third-party JavaScript trackers embedded on websites using Login With Facebook. The exploit lets these trackers gather a user’s data including name, email address, age range, gender, locale, and profile photo depending on what users originally provided to the website. It’s unclear what these trackers do with the data, but many of their parent companies including Lytics and ProPS sell publisher monetization services based on collected user data.

The abusive scripts were found on 434 of the top 1 million websites including cloud database provider MongoDB. That’s according to Steven Englehardt and his colleagues at Freedom To Tinker, which is hosted by Princeton’s Center For Information Technology Policy.

Meanwhile, concert site BandsInTown was found to be passing Login With Facebook user data to embedded scripts on sites that install its Amplified advertising product. An invisible BandsInTown iframe would load on these sites, pulling in user data that was then accessible to embedded scripts. That let any malicious site using BandsInTown learn the identity of visitors. BandsInTown has now fixed this vulnerability.

TechCrunch is still awaiting a formal statement from Facebook beyond “We will look into this and get back to you.”

[Update 4/19/18 10:15am: A Facebook spokesperson now tells us “Scraping Facebook user data is in direct violation of our policies. While we are investigating this issue, we have taken immediate action by suspending the ability to link unique user IDs for specific applications to individual Facebook profile pages, and are working to institute additional authentication and rate limiting for Facebook Login profile picture requests.”]

Read More...

Share This Article...


Emigrate While You Still Can! Learn more...


PLEASE DISABLE AD BLOCKER TO VIEW DISQUS COMMENTS

Ad Blocking software disables some of the functionality of our website, including our comments section for some browsers.





SIGN UP TO GET BLACKLISTED NEWS DELIVERED RIGHT TO YOUR INBOX

Enter your email address:





More Blacklisted News...

Blacklisted Radio
Blacklisted Nation
On Patreon
On Twitter
On Reddit
On Facebook
Blacklisted Radio:
Republic Broadcasting
Podcasts on Youtube
Podcasts on Demand
On Iheart Radio
On Spreaker
On Stitcher
On iTunes
On Tunein

Our IP Address:
198.245.55.242

Sponsors:
good
longboard
brands


Advertise Here...





BlackListed News 2006-2018