Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Saturday April 21 2018, @12:57AM   Printer-friendly
from the its-against-our-policy dept.

Submitted via IRC for SoyCow8317

Facebook confirms to TechCrunch that it’s investigating a security research report that shows Facebook user data can be grabbed by third-party JavaScript trackers embedded on websites using Login With Facebook. The exploit lets these trackers gather a user’s data including name, email address, age range, gender, locale, and profile photo depending on what users originally provided to the website. It's unclear what these trackers do with the data, but many of their parent companies including Lytics and ProPS sell publisher monetization services based on collected user data.

Meanwhile, concert site BandsInTown was found to be passing Login With Facebook user data to embedded scripts on sites that install its Amplified advertising product. An invisible BandsInTown iframe would load on these sites, pulling in user data that was then accessible to embedded scripts. That let any malicious site using BandsInTown learn the identity of visitors. BandsInTown has now fixed this vulnerability.

TechCrunch is still awaiting a formal statement from Facebook beyond "We will look into this and get back to you."

Source: https://techcrunch.com/2018/04/18/login-with-facebook-data-hijacked-by-javascript-trackers/


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Saturday April 21 2018, @01:09AM

    by Anonymous Coward on Saturday April 21 2018, @01:09AM (#669871)

    Don't you worry. If they could grab this data there's no way they could get your login credentials. Trust them to tell you every time they do you wrong ;-)