Oct 5, 2018

Facebook breach changes calculus for third-party logins

Facebook disclosed last Friday that 50 million accounts had been breached, and forcibly logged out 90 million affected users. It appears the hackers could have accessed sensitive profile information, purchase histories and private messages. Most disturbingly, since Facebook logins can be used on other sites, companies using that Facebook Connect feature are now rushing to figure out whether their sites were breached.

Why it matters: Single-sign-on login systems do not make a hack more likely. But they do affect what a hacker can access from inside a system. While Facebook reports there is no evidence third-party apps were accessed, this incident should cause consumers to re-evaluate whether to link accounts in the first place.

Single-sign-on systems allow hackers to get more information in one sweep. So, for third-party apps that contain sensitive data, it’s important to compartmentalize. If data held on the third-party site — medical records, for example — would be more sensitive if linked to a Facebook account, it should be kept separate. Similarly, if two third-party sites contain data that would be more sensitive if accessed together — say, credit card information and upcoming travel plans — those shouldn’t be linked either.

Yes, but: Facebook Connect–style login systems are still useful where the third-party app does not contain sensitive information. For sites without payment information or personal data, using Facebook Connect is convenient and poses limited risk. Because such systems can be easier to reset, they also can prevent hackers’ long-term access.

The bottom line: Even the companies best at protecting consumer data will not get it right all the time. All it takes is a handful of flaws — in this case, three — for a hacker to enter a system. Consumers need to be wary of linking information that collectively makes them more vulnerable. Information that must be kept private is best left offline.

Betsy Cooper is joining the Aspen Institute's Technology and Cybersecurity Program this month as policy director. She is also a senior advisor at Albright Stonebridge Group.
