Home Technology Facebook login feature exploited by JavaScript trackers to steal user info

Facebook login feature exploited by JavaScript trackers to steal user info

Facebook has been sucked into another data breach controversy though the devil isn’t within the domain of the social site. Instead, it’s third-party JavaScript trackers that seems to be doing the nasty trick and decamping with user’s data.

As has been revealed in a new security research report, sites that rely on ‘Login with Facebook’ have also been found to be embedded with JavaScript trackers. In fact, as many as 434 of the 1 million most visited sites have been discovered impregnated with such scripts.

Among the user info that could have been comprised include the user’s name, sex, location info, email address, profile picture and age range. It is not known specifically to what use the above information might have been put to use though the most usual one is to sell it off to monetization firms.

Facebook has stated they are already looking into the issue even though the issue has nothing to do with the social site, especially its own login feature. Instead, as the report stated, it is owing to a “lack of security boundaries between the first-party and third-party scripts in today’s web”.

The report has been prepared under the aegis of the Princeton University’s Center for Information Technology Policy. Also, contributors to the report include Steven Englehardt, Gunes Acar and Arvind Narayanan, researchers associated with Freedom to Tinker, an organization that the university supports.

On the whole, it is seven scripts that have been found to be collecting user’s data using the first party’s Facebook login feature. In another sole instance, a third party has its own Facebook application to keep a tab on user info.

No wonder all of this is refreshing our memories about the Cambridge Analytica episode where an innocent looking Facebook quiz turned out to be a ploy to collect vital user information. Worse, the same was also made available to a politically affiliated data analysis firm that is known to have helped Donald Trump win the US elections.

Tinder’s app goes out of access as Facebook restricts API access to user data

While the onus is on the individual sites to ensure they sanitize all third-party scripts embedded in their sites, Facebook too will no doubt never like to be associated with any such scrupulous sites.