Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Saturday April 21 2018, @12:57AM   Printer-friendly
from the its-against-our-policy dept.

Submitted via IRC for SoyCow8317

Facebook confirms to TechCrunch that it’s investigating a security research report that shows Facebook user data can be grabbed by third-party JavaScript trackers embedded on websites using Login With Facebook. The exploit lets these trackers gather a user’s data including name, email address, age range, gender, locale, and profile photo depending on what users originally provided to the website. It's unclear what these trackers do with the data, but many of their parent companies including Lytics and ProPS sell publisher monetization services based on collected user data.

Meanwhile, concert site BandsInTown was found to be passing Login With Facebook user data to embedded scripts on sites that install its Amplified advertising product. An invisible BandsInTown iframe would load on these sites, pulling in user data that was then accessible to embedded scripts. That let any malicious site using BandsInTown learn the identity of visitors. BandsInTown has now fixed this vulnerability.

TechCrunch is still awaiting a formal statement from Facebook beyond "We will look into this and get back to you."

Source: https://techcrunch.com/2018/04/18/login-with-facebook-data-hijacked-by-javascript-trackers/


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by crafoo on Saturday April 21 2018, @09:33AM

    by crafoo (6639) on Saturday April 21 2018, @09:33AM (#670014)

    Exactly. Typing in the URL to a publicly available AT&T server is HACKING and has been fully punished under the law.

    Invading every corner of your personal life and selling it out to every business that asks is business as usual. Carelessly leaking the credit history data of every single adult person in the United States is an "unfortunate incident". Rest assured they were given a stern talking-to, citizen. Carry on.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2