Photo: Thomas Trutschel/Photothek via Getty Images

Facebook disclosed last Friday that 50 million accounts had been breached, and forcibly logged out 90 million affected users. It appears the hackers could have accessed sensitive profile information, purchase histories and private messages. Most disturbingly, since Facebook logins can be used on other sites, companies using that Facebook Connect feature are now rushing to figure out whether their sites were breached.

Why it matters: Single-sign-on login systems do not make a hack more likely. But they do affect what a hacker can access from inside a system. While Facebook reports there is no evidence third-party apps were accessed, this incident should cause consumers to re-evaluate whether to link accounts in the first place.

Single-sign-on systems allow hackers to get more information in one sweep. So, for third-party apps that contain sensitive data, it’s important to compartmentalize. If data held on the third-party site — medical records, for example — would be more sensitive if linked to a Facebook account, it should be kept separate. Similarly, if two third-party sites contain data that would be more sensitive if accessed together — say, credit card information and upcoming travel plans — those shouldn’t be linked either.

Yes, but: Facebook Connect–style login systems are still useful where the third-party app does not contain sensitive information. For sites without payment information or personal data, using Facebook Connect is convenient and poses limited risk. Because such systems can be easier to reset, they also can prevent hackers’ long-term access.

The bottom line: Even the companies best at protecting consumer data will not get it right all the time. All it takes is a handful of flaws — in this case, three — for a hacker to enter a system. Consumers need to be wary of linking information that collectively make them more vulnerable. Information that must be kept private is best left offline.

Betsy Cooper is joining the Aspen Institute's Technology and Cybersecurity Program this month as policy director. She is also a senior advisor at Albright Stonebridge Group.

Go deeper

Updated 35 mins ago - Politics & Policy

Voters in Wisconsin, Michigan urged to return absentee ballots to drop boxes

Signs for Joe Biden are seen outside a home in Coon Valle, Wisconsin, on Oct. 3. Photo by KEREM YUCEL via Getty

Wisconsin Democrats and the Democratic attorney general of Michigan are urging voters to return absentee ballots to election clerks’ offices or drop boxes, warning that the USPS may not be able to deliver ballots by the Election Day deadline.

Driving the news: The Supreme Court rejected an effort by Wisconsin Democrats and civil rights groups to extend the state's deadline for counting absentee ballots to six days after Election Day, as long as they were postmarked by Nov. 3. In Michigan, absentee ballots must also be received by 8 p.m. on Election Day in order to be counted.

43 mins ago - Technology

Facebook warns of "perception hacks" undermining trust in democracy

Photo Illustration: Sarah Grillo/Axios. Photo by Jamie Squire/Getty Images

Facebook warned Tuesday that bad actors are increasingly taking to social media to create the false perception that they’ve pulled off major hacks of electoral systems or have otherwise seriously disrupted elections.

Why it matters: "Perception hacking," as Facebook calls it, can have dire consequences on people's faith in democracy, sowing distrust, division and confusion among the voters it targets.

Obama: Trump is "jealous of COVID's media coverage"

Former President Barack Obama launched a blistering attack on President Trump while campaigning for Joe Biden in Orlando on Tuesday, criticizing Trump for complaining about the pandemic as cases soar and joking that he's "jealous of COVID's media coverage."

Driving the news: Trump has baselessly accused the news media of only focusing on covering the coronavirus pandemic — which has killed over 226,000 Americans so far and is surging across the country once again — as a way to deter people from voting on Election Day and distract from other issues.

Get Axios AM in your inbox

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Subscription failed
Thank you for subscribing!