Your Facebook Data Can Be Snatched By Javascript Trackers

SHARE THIS ARTICLE

REACH US

GENERAL INQUIRY

[email protected]

ADVERTISING

[email protected]

PRESS RELEASE

[email protected]

HOTLINE

+673 222-0178 [Office Hour]

+673 223-6740 [Fax]

Upcoming Events

Prayer Times

The prayer times for Brunei-Muara and Temburong districts. For Tutong add 1 minute and for Belait add 3 minutes.

Imsak	: 05:01 AM
Subuh	: 05:11 AM
Syuruk	: 06:29 AM
Doha	: 06:51 AM
Zohor	: 12:32 PM
Asar	: 03:44 PM
Maghrib	: 06:32 PM
Isyak	: 07:42 PM

The Business Directory

Security & Privacy

Home > Security & Privacy

Your Facebook Data Can Be Snatched By Javascript Trackers

shutterstock

April 20th, 2018 | 10:23 AM | 1622 views

ENGADGET.COM

Abusive scripts are snatching data when users log in to websites with Facebook credentials.

Facebook is looking into a security report that reveals Facebook user data can be snatched by JavaScript trackers if they're planted in websites that let users log in with their Facebook credentials. Not just their name and email address, either: The exploit catches age range, gender, locale and possibly a profile photo too, depending on how much access the user allowed said website. Once someone logs in, any third-party JavaScript can supposedly retrieve their info at will.

The report, by Princeton's Center for Information Technology Policy website Freedom to Tinker, listed 431 of the top one million sites (by Alexa rank) that have the shady scripts embedded. The list included cloud database provider MongoDB until TechCrunch brought the issue to their attention, after which they allegedly shut down the abusive script.

"Scraping Facebook user data is in direct violation of our policies," a Facebook spokesperson told Engadget. "While we are investigating this issue, we have taken immediate action by suspending the ability to link unique user IDs for specific applications to individual Facebook profile pages, and are working to institute additional authentication and rate limiting for Facebook Login profile picture requests."

The report concluded that exposed user data wasn't due to a bug in Facebook's login feature -- instead, it's "due to the lack of security boundaries between the first-party and third-party scripts in today's web." To fix this loophole, the report's authors recommend Facebook (and any other services that have social logins) audit their APIs to review who accesses login data. Cheekily, they also recommend finally making Anonymous Login with Facebook available after it had been announced four years ago.

Source:
courtesy of ENGADGET

by David Lumb

If you have any stories or news that you would like to share with the global online community, please feel free to share it with us by contacting us directly at [email protected]