
See also:

Further security issues keep Facebook under a microscope

Redirect Risks
Credited: Facebook NewsRoom

As a journalist, I have covered numerous stories dealing with the security issues many social media sites face. The lack of knowledge about how to keep account holders' information safe and secure is shocking, and even more so is the lack of willingness to stay ahead of the game.

Fox News reported “new” security flaws affecting companies like Facebook, Google and even Twitter. The report was first published by CNET on May 5, 2014: legitimate third-party websites that let users log in with accounts such as Facebook could give a hacker a way to gain control of users' information.

Ph.D. student Wang Jing covers this on his blog, stating, “The vulnerability is usually due to the existing weakness in the third-party websites.” Wang also wrote on his blog, “This could lead to Open Redirect attacks to both clients and providers of OAuth 2.0 or OpenID.”

Once this information became known, we here at Examiner took a closer look at what was going on. Simply put, if you were to go to Goodreads, a popular website for book lovers and authors, a window will pop up asking whether you would like to sign in using your Facebook, Google, Twitter or even Amazon account information.

By using this option, you could put yourself at risk if Goodreads is a third-party site with existing weaknesses, which is unknown at this point. This is just a hypothetical example; it has never been stated anywhere that Goodreads has such vulnerabilities.

Wang told CNET he contacted several sites and they replied, “Google was tracking the issue at the moment, Microsoft looked into the matter and found it was a third-party issue not theirs and Facebook told him it was an issue not easily fixed.”

We got in touch with Facebook about the matter and found this has been an ongoing issue, which became known a few years back. It is not as recent as Wang Jing had thought.

A spokesperson with Facebook released this statement to us, which we are now bringing to light for account holders on May 11, 2014: “We publish guidance to help developers avoid this type of issue that can arise if apps contain certain vulnerabilities. Creating a URL whitelist is an effective defense that we include in our developer documentation.”
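One way a third-party site could apply the URL whitelist mentioned in Facebook's statement to its own post-login redirects, shown as an added example that is not taken from Facebook's developer documentation or from the original article. The host names, `ALLOWED_ORIGINS`, `FALLBACK` and `safe_redirect_target` are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed allowlist for a hypothetical site; entries are (scheme, host, port).
ALLOWED_ORIGINS = {
    ("https", "app.example", None),
    ("https", "accounts.app.example", None),
}
FALLBACK = "https://app.example/"


def safe_redirect_target(target: str) -> str:
    """Return target if it stays on an allowlisted origin, else the fallback page."""
    # Browsers treat backslashes as slashes and drop whitespace/control
    # characters, so refuse them instead of guessing how they will be parsed.
    if not target or "\\" in target or any(ord(c) < 0x21 or ord(c) == 0x7F for c in target):
        return FALLBACK
    try:
        parts = urlsplit(target)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return FALLBACK
    # Same-site relative path: exactly one leading slash, no scheme, no host.
    if not parts.scheme and not parts.netloc:
        ok = target.startswith("/") and not target.startswith("//")
        return target if ok else FALLBACK
    # "https://app.example@other.example/" puts the trusted name in userinfo.
    if parts.username is not None or parts.password is not None:
        return FALLBACK
    # Exact origin match; suffix or substring checks would accept
    # "app.example.other.example".
    origin = (parts.scheme.lower(), (parts.hostname or "").lower(), port)
    return target if origin in ALLOWED_ORIGINS else FALLBACK
```

A redirect handler would call `safe_redirect_target()` on the user-supplied destination parameter before issuing the HTTP redirect, so a rejected value sends the visitor to the site's own landing page.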

Therefore, Facebook knows of the issue and has advised developers. What can Facebook users do to protect their information? You can do a few simple things.

  • If you are not familiar with a third party site, register and log in through their site only.
  • Want to keep your information safe on Facebook, Twitter, Google and others? Never opt to sign in through those pop-up windows.

It is understandable that companies want to make it easy to just click on a link and you’re in. Nevertheless, that click could cost you and your connections in the end; you may be putting yourself at risk from attackers.