Is Logging In with Google and Facebook a Security Concern?

Registering to other services using google and Facebook pose a security threat.

Nowadays, Facebook profiles are considered to have identities of users stored in its database. So when a user logins via Facebook, they simply pass on their information to the other websites on which they are logging in to. All the credits for this go to the universal login API of social networks. It is highly likely that you would have also used it to log into websites such as Tinder, Spotify, and Airbnb. However, at times, the websites that require you to sign in through Google and Facebook carry several security risks and issues. This is especially true for the websites that are not very well-known. This is based on a finding done by the Princeton University.

Most people do not know that this is possible, although it very much is. This is because this is something that sounds beyond the time.

According to this research, when users provide permission to the third-party websites for logging into their Facebook and google accounts, the other third-party trackers that are a part of the website are able to receive all the information too.

This information may include information such as age, birthday, email address, username, and other information that is filled. The kind of information that may be recorded simply depends on what the original website asked the user for.

According to this research, about 434 out of the top one million websites on the internet have these trackers present. Although, most of them were not getting information from Facebook but a script like this was certainly present.

The scripts that were present on these websites can associate a unique username with the unique data present on the website.

According to the research conducting by Princeton, there were a total of seven scripts that were present on these websites that had the capability of pulling off information from Facebook’s login API. Out of the seven scripts, six of these were not linked to any specific company. The other six products were a product of marketing fraud prevention companies that include Forter, Taelium, ProPS, OnAudience, and Lytics.

Considering this, one thing is certain that it is definitely possible for scripts to get information off from the login API of social networking websites such as Facebook and Google.

Facebook 50 million hack

When you are using a social website’s API to log into another website, you are primarily depending on the security of the social website itself.

However, the security of social websites such as Facebook and google itself is not necessarily impenetrable. For instance, the Facebook 50M hack in 2018 has been quite popular in this regard. In this event, about 50m accounts on Facebook got compromised because of an attack that provided hackers the ability to access all the user’s private data on Facebook.

Facebook’s engineers discovered this attack back on the 25th September in 2018. Because of this, those users whose accounts got compromised were notified and were logged out of their accounts for security purposes. These users were required to log back into their accounts.


Follow Reactionary Times on

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: