On the login screens for Spotify, Pinterest and Yelp there is a button which reads “log in with Facebook.” By linking their Facebook account, a user can access many different sites without divulging sensitive information over and over. But recent hacks of the social network site show that using a Facebook account for third-party apps may not be the wisest choice.
On Friday, Sept. 28, Facebook released a statement that they had discovered an attack on their computer servers in the last week which had put hackers in control of over 50 million accounts, according to the Star Tribune. Facebook responded by logging out those accounts as well as 40 million others that were made vulnerable by the hack but not necessarily taken over. This comes as further evidence of Facebook’s shortcomings after the revelation in March that British firm Cambridge Analytica, with funding from billionaire Robert Mercer, had harvested personal details from over 87 million accounts.
The most recent hack takes advantage of login credentials used by some accounts called “tokens,” which The Guardian says are short, automated authorization symbols, and therefore easily hacked. One of the three programming bugs that enabled the hack of these tokens was in fact connected to a tool that uploaded birthday videos.
Facebook caught on to the hack when accounts began to show up on the black market for sale. While the data accessed on Facebook by the hackers was generally limited to name, sex and hometown, the more serious concern is how much access the hackers gained over third-party apps and linked accounts. “This has really shown us that because today’s digital environment is so complex, a compromise on a single platform can have consequences that are much more far-reaching than what we can tell in early days of the investigation,” April Doss of the Saul Ewing law firm told The New York Times.
This is a particular concern for college students, who are likely to have linked accounts. While Facebook shut the hackers out of the 90 million accounts compromised, it has no control over third-party apps or accounts that might have been linked. “In other words, if attackers have already used your Facebook credentials to log into one of your apps, they may still be there,” Jason Polakis, Professor of Computer Science at the University of Illinois, told The Guardian. This may be the time to review security settings on linked apps.
Chloe McConnell ’21 thinks people shouldn’t expect Facebook to be perfect. “If you’re using a site for free you’re the product, people need to know that. I’m not surprised.”