Why you should think twice before logging in through your social media accounts!
Have you ever pondered over the gory angle that every domain that you sign in to using your Facebook or Google account credentials actually has higher chances of getting hacked into, being misused and landing you into trouble than your other digital resources?
Yes, there’s been a lot of talk around this and after several debates over the security of your online data, it has emerged that indeed by logging in via your Facebook or Google account, you really do welcome a lot of security threats than you may have thought of. While doing this eases you of a lot of hassles where in you don’t have to create separate login credentials, this also opens up doors for scam artists to invade your digital assets like nobody’s business.
Here’re some important facts that we wish to highlight for you surrounding this insecurity. The next time you sign up to your favorite online shopping portal, do remember to run through this checklist once before.
- Egor Homakov, security researcher for Sakurity, recently shared that lack of proper Cross-Site Request Forgery (CSFR) protection measures allows hackers to misuse your Facebook credentials for their own gains, without letting you know or getting caught. This can be scary because you may have used your Facebook login details to access other accounts too and even those accounts stand vulnerable to getting hacked easily.
- Tajinder Pal Singh and Mohit Bagga from CodeBibber have also reiterated on the capacity of this vulnerability. They found that the Facebook vulnerability in the login protocol exposed your data on multiple platforms and hackers could even misuse your financial details to purchase items without getting noticed.
- A similar vulnerability has also been detected in Google Apps. This is particularly relevant for domain name registrations.
- Once you have registered your domain on portals such as Whois, unless you have specifically opted to have your details private, your personal information such as name, address (email and physical), contact details etc. remains open for public viewing.
- Even users who have opted to keep their details private have found that their data was leaked, albeit not immediately but over a period of time.
As you can see, nothing on the web is safe per se and a slight miss can land us in trouble. Facebook’s comment on this entire episode however throws light into a different aspect altogether and compels us to think over it in that direction. Facebook has denied these claims stating that this isn’t actually Facebook’s vulnerability; rather, it is about the inappropriate measures that developers take to validate access tokens while designing their apps and these results in login details becoming prone to attacks. So, while you may be thinking that it is all Facebook and Google’s fault, the error could have emerged elsewhere. So, in the midst of all these vulnerabilities, what do you do?
- Do not provide your personal details on portals that look fishy or you aren’t familiar with.
- No matter how lucrative the deal may appear, never click on unsolicited links.
- Before you accept random friend requests on your social media profiles, watch out.
- Not all websites actually need your financial and personal details to let you browse through it; if you aren’t comfortable sharing it, don’t.
Besides the above, follow the Internet best practices to stay safe! So, the next time you are asked to ‘Login using your Facebook or Google account’, think twice. There could be third-party apps waiting to tap your digital details…