Is Logging In with Google and Facebook a Security Concern?

Registering to other services using google and Facebook pose a security threat.

Nowadays, Facebook profiles are considered to have identities of users stored in its database. So when a user logins via Facebook, they simply pass on their information to the other websites on which they are logging in to. All the credits for this go to the universal login API of social networks. It is highly likely that you would have also used it to log into websites such as Tinder, Spotify, and Airbnb. However, at times, the websites that require you to sign in through Google and Facebook carry several security risks and issues. This is especially true for the websites that are not very well-known. This is based on a finding done by the Princeton University.

Most people do not know that this is possible, although it very much is. This is because this is something that sounds beyond the time.

According to this research, when users provide permission to the third-party websites for logging into their Facebook and google accounts, the other third-party trackers that are a part of the website are able to receive all the information too.

This information may include information such as age, birthday, email address, username, and other information that is filled. The kind of information that may be recorded simply depends on what the original website asked the user for.

According to this research, about 434 out of the top one million websites on the internet have these trackers present. Although, most of them were not getting information from Facebook but a script like this was certainly present.

The scripts that were present on these websites can associate a unique username with the unique data present on the website.

According to the research conducting by Princeton, there were a total of seven scripts that were present on these websites that had the capability of pulling off information from Facebook’s login API. Out of the seven scripts, six of these were not linked to any specific company. The other six products were a product of marketing fraud prevention companies that include Forter, Taelium, ProPS, OnAudience, and Lytics.

Considering this, one thing is certain that it is definitely possible for scripts to get information off from the login API of social networking websites such as Facebook and Google.

Facebook 50 million hack

When you are using a social website’s API to log into another website, you are primarily depending on the security of the social website itself.

However, the security of social websites such as Facebook and google itself is not necessarily impenetrable. For instance, the Facebook 50M hack in 2018 has been quite popular in this regard. In this event, about 50m accounts on Facebook got compromised because of an attack that provided hackers the ability to access all the user’s private data on Facebook.

Facebook’s engineers discovered this attack back on the 25th September in 2018. Because of this, those users whose accounts got compromised were notified and were logged out of their accounts for security purposes. These users were required to log back into their accounts.


Show More

Julio Rivera

Julio Rivera is a small business consultant, political activist, writer and Editorial Director for Reactionary Times.  His writing, which is concentrated on politics and cybersecurity, has also been published by websites including Newsmax, The Hill, The Washington Times, LifeZette, The Washington Examiner, American Thinker, The Toronto Sun, PJ Media and many others.

Previous/Next Posts

Related Articles

Leave a Reply

Back to top button