Bitdefender has discovered a significant vulnerability within Facebook which allowed access to any user account through simple social login manipulation. The attacker was able to gain access to personal user information, a contacts list for potential malware distribution and payment information – allowing purchases to be made in the user’s name.
The attack vector in this case – social logins – are an alternative to traditional authentication. This form of access offers users a convenient way to sign in to their web accounts without entering their username and password, with a majority of websites offering social login through Facebook, LinkedIn, Twitter or Google+.