Is your Gmail account safe? If you linked it to your Facebook account, you might be susceptible to hackers…
Security professionals have begun unpacking the issue. Security researcher Youssef Sammouda found that an authentication code let him hijack Facebook accounts when Gmail credentials were used to sign in to the service.
The researcher was able to hack into Facebook accounts by using a Google OAuth id_token/code. The bug can be used to hack other accounts as well, but Facebook responded and implemented measures against the open authorization hack.
Sammouda was able to exploit redirects in Google OAuth and chain them with elements of Facebook’s logout, checkpoint, and sandbox systems to break into accounts. He received a $44,625 bug bounty from Facebook. Last year, he made $126,000 for discovering three flaws in Facebook’s Canvas technology.
Malwarebytes Labs warns against linked accounts, saying that when accounts are linked, a compromised password puts you in even bigger trouble than if only one site’s password is compromised. There’s no assurance that your password will be secure when you sign up and link your accounts together.
Facebook allows users to link their accounts with third-party sites, but it is possible to unlink those accounts if you are concerned about the security of your credentials.
Forbes shared a statement from Malwarebytes Labs regarding linked accounts. The statement said that if the password for one account is compromised, you could be in even bigger trouble.
Find out more about the safety of your Gmail and Facebook account by checking out any of the news outlets listed below: