Websites Using “Sign-In With Facebook” Feature Vulnerable to Data Hijackers

Facebook confirmed to TechCrunch that it’s investigating a security report that showed Facebook user data can be grabbed by third-party JavaScript trackers embedded on websites with sign-ins that use “Login With Facebook.” Trackers can capture a user’s name, email address, age range, gender, locale, and profile photo.


The abusive scripts were found on 434 of the top 1 million websites including cloud database provider MongoDB and BandsInTown. Both companies report that they have now fixed these vulnerabilities.

Jessica VernonComment