Submitted via IRC for SoyCow8317
Facebook confirms to TechCrunch that it’s investigating a security research report that shows Facebook user data can be grabbed by third-party JavaScript trackers embedded on websites using Login With Facebook. The exploit lets these trackers gather a user’s data including name, email address, age range, gender, locale, and profile photo depending on what users originally provided to the website. It's unclear what these trackers do with the data, but many of their parent companies including Lytics and ProPS sell publisher monetization services based on collected user data.
Meanwhile, concert site BandsInTown was found to be passing Login With Facebook user data to embedded scripts on sites that install its Amplified advertising product. An invisible BandsInTown iframe would load on these sites, pulling in user data that was then accessible to embedded scripts. That let any malicious site using BandsInTown learn the identity of visitors. BandsInTown has now fixed this vulnerability.
TechCrunch is still awaiting a formal statement from Facebook beyond "We will look into this and get back to you."
Source: https://techcrunch.com/2018/04/18/login-with-facebook-data-hijacked-by-javascript-trackers/
(Score: 2) by Spamalope on Saturday April 21 2018, @07:27AM (3 children)
Isn't unauthorized access of a computing device illegal?
Is there some special way that the people behind the amplified ad network aren't criminals along with the Bandsintown website for enabling them? (I guess conspiring them in breathless prosecutor speak)
Also, time to make a FB persona that loves 'interesting' things to be logged in to on the browser advertisers would see. You know, there should be a discord group for sharing those so they can all friend each other and look more legit. I wonder what would be the best bait for advertisement bottom feeders? A profile that brags about buying timeshares and is looking for a mesothelioma lawyer? Maybe with personal phone numbers of FTC officials on the profile just in case they take the bait? Hmm...
(Score: 2) by FatPhil on Saturday April 21 2018, @08:07AM (1 child)
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2) by crafoo on Saturday April 21 2018, @09:33AM
Exactly. Typing in the URL to a publicly available AT&T server is HACKING and has been fully punished under the law.
Invading every corner of your personal life and selling it out to every business that asks is business as usual. Carelessly leaking the credit history data of every single adult person in the United States is an "unfortunate incident". Rest assured they were given a stern talking-to, citizen. Carry on.
(Score: 2) by MichaelDavidCrawford on Saturday April 21 2018, @03:39PM
I bought a can of Room Shocker for a friend who values his privacy
I was seeing room shocker ads for weeks
Yes I Have No Bananas. [gofundme.com]