Social logins like the kind used by Amazon and LinkedIn can provide an easy entry point for hackers to gain access to your accounts on various websites, according to new research from IBM’s security team.
Websites often ask users for third-party social logins to post comments, with Facebook and Twitter among the most common logins users use. IBM, however, found that certain social logins can be commandeered by a hacker to post misleading information or malicious software on some sites that use them.
The hack, dubbed SpoofedMe, works like this: A hacker registers a new account on a login platform with a victim’s email address. The hacker then uses that account to sign in to a third-party website (like Nasdaq.com or SlashDot.org), posing as the victim.
IBM’s team found that Amazon and LinkedIn’s social logins were vulnerable to SpoofedMe before they warned those companies earlier this year. LinkedIn has…
View original post 143 more words