The Facebook Hack Exposes an Internet-Wide Failure
Facebook has received ample blame for the historic data breach that allowed hackers to not only take over the accounts of at least 50 million users but also access third-party websites those users logged into with Facebook. But what makes it so much worse is that fixing the issue is, in many ways, out of Facebook's hands.
Some of the web’s most popular sites have not implemented basic security precautions that would have limited the fallout of the Facebook hack, according to a recent research paper out of the University of Illinois at Chicago. If they had taken more care with their implementation of Facebook's Single Sign-On feature—which lets you use your Facebook account to access other sites and services, rather than creating a unique password for every site—the impact could have largely been limited to Facebook. Instead, hackers could potentially have accessed everything from people’s private messages on Tinder to their passport information on Expedia, all without leaving a trace. Even more staggering: You could be at risk even if you've never used Facebook to log into a third-party site.