Another good reason why we disabled OAuth logins via Facebook and Twitter on our Em-8ER forums.
Researchers: 3rd-party JavaScript trackers embedded on sites using Login With Facebook can grab Facebook user data; abusive scripts found on 434 of top 1M sites (TechCrunch)
Following TechCrunch's report of security research on a Login With Facebook security flaw, Fb tells us it's changing how user IDs work and rate limiting the feature
Login With Facebook data hijacked by JavaScript trackers
After six years of research exposing the shady practices of third-party trackers, the thing that gets me every single time is the fact that website operators are in the dark about what third parties are doing on their sites.
Facebook says it's investigating this improper collection of user data. After TechCrunch brought it to MongoDB's attention, it shut down the offending JavaScript tracker.
Reason #576 why only allows running third party scripts in cross-origin iframes
Correction: B&H Photo and Fiverr have been removed from the Princeton research post, and so from our article after Forter verified they didn't host trackers, or their trackers didn't pull Fb data. BandsInTown & MongoDB have admitted and fixed their flaws.