Facebook User Data Hacked by Third Parties

By Nichole Schack 5 Min Read

How many times have you used the "Login with Facebook" feature on another website so that you didn’t have to set up a separate account? I know I’ve used it quite a few times, whether for purchasing an item or taking a Buzzfeed quiz (because there is nothing like knowing what Disney princess you are). In this day and age, we are all about saving time and having everything connected. But sometimes, that may not be a good thing.

It is official that Login with Facebook data has been hacked. It seems that user data can be snatched up by third parties that have implanted JavaScript trackers on websites that use this feature. Examples of user data that may have been compromised include name, email address, profile photo, age, and location.

Facebook confirms to TechCrunch that it’s investigating a security research report that shows Facebook user data can be grabbed by third-party JavaScript trackers embedded on websites using Login With Facebook.

How it Works

When you visit a website that utilizes Login with Facebook, you are sent to Facebook to log in, and then that information is sent back to the website you are logging into. However, when that data is sent back, a tracker that is embedded into the website gathers your user data and is then sent to a separate website, where it is collected.

Your user data (although somewhat unclear what the data is ultimately being used for) can then be used for ad services. For example, when you are on a website, many ads pop up. Some of those ads are for products you have Googled or looked up previously. Have you noticed that? That is because users are not only being tracked on Facebook after their user data is hacked; they are also being tracked on the Internet itself.

Tealium AudienceStream, which is a customer data platform, and Lytics, a digital marketing company, are parent companies which sell publisher monetization services based on your user data. Now you may be wondering, what does that even mean? It can mean:

  • A rise in paid subscriptions for services
  • Sponsored content continuing to grow
  • Sponsorships, sponsorships, sponsorships
  • A growth in digital advertising versus print advertising

. . . All by using YOUR data!

An example of this would be the website BandsInTown (www.bandsintown.com) which was found giving Facebook user data to these third party scripts on different websites in order to install an Amplified advertising software. The Facebook user data that was passed along was available to the third party script and allowed them to identify the visitor. In other words, a third party was tracking your Internet whereabouts.

BandsInTown has since fixed this issue

Facebook recently made changes to its API or Application Programming Interface in order to protect user data; however, these changes did not prevent the hacking of user data by third-party scripts. If Facebook did have better API analysis, this incident could have been prevented, thus protecting your data. Facebook does report that whilst some user data has been compromised, the source of the script has been recognized, and has been shut down.

Facebook is in the process of restoring their name since the Cambridge Analytica scandal, and while the bad press has been brutal for Facebook, they are ramping up their security measures.

We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you. Mark Zuckerberg

While the threat has been neutralized, we have to wonder what this brings for the future. New methods of identity theft have already been popping up by those impersonators on Facebook, using your name and photo. If your Facebook data can be stolen over the Internet, we have to wonder what else can? As our technology grows and the ability to safeguard information grows, hackers will grow also.

So will their methods of getting around these protection processes. These third-party scripts can also get access to your User ID. Change your password often. Another bit of advice: When you Login with Facebook, you are granting that specific website access to your profile and while you may trust that website with your information, do you also trust the third party scripts with it?

Image credit: Pexels

Share This Article