By Greg Griffiths | Posted on October 05, 2018
On Friday, September 28, Facebook revealed a massive security breach that potentially exposed the personal information of up to 90 million users. According to the New York Times, “The breach … was the largest in the company’s 14-year history. The attackers exploited a feature in Facebook’s code to gain access to user accounts and potentially take control of them.”
That was really bad news. But it gets even worse when you consider the implications of social login. The fact is, many Facebook users utilize their Facebook credentials to log into other websites, applications, and services. They rely on social login to eliminate the hassles of remembering lots of different usernames and passwords. This means that the bad actors who hacked Facebook may have had the ability to access user accounts on other sites and platforms as well.
As reported by Business Insider, “Not only did the hackers obtain the ability to access the Facebook accounts of the affected users, they also had access to any other service in which a person used their Facebook account to register — including apps like Tinder, Spotify, and Airbnb.” Facebook, however, reported that it has found no evidence that attackers used stolen account access tokens on other websites or apps.
This hack was a big deal. Facebook provides its users with the most popular third-party login credentials for other sites and applications. And it is becoming more and more popular as time goes on. As a global identity management provider to some of the world’s leading brands, Janrain keeps statistics on how frequently Facebook credentials - and other social media credentials - are used to access apps.
Here’s a breakdown of which third-party - or Social Login - credentials people used to log into sites and applications supported by Janrain from 2011-2018:
As you can see, Facebook was already dominant in 2011, representing over 41% of all third-party social logins. People were also using other third-party credentials such as Google, Twitter and Yahoo. Today, Facebook is the clear leader as the social login of choice for a majority of users. Facebook and Google combined command an impressive 94% of the market, leaving Yahoo, Twitter and others as minor players.
At Janrain, we enable the use of social login using credentials from Facebook and Google and more than 30 other social networks - and we support the convenience and efficiencies associated with this popular authentication method. However, as with every authentication method, there are both benefits and risks. No single method provides 100% security.
Social login provides a number of benefits to companies and their customers alike. For users, it provides convenience. For brands, expenses related to password recovery are significantly reduced and account abandonment rates decrease. Our implementation teams work with our clients so they can understand - and mitigate - the risks associated with social login implementation while maximizing the benefits. Janrain assists the brands we serve in deploying social login alongside multi-factor and step-up authentication processes and additional safeguards against fraudulent account creation and access.
Learn more about how social login and other capabilities of the Janrain Identity Cloud can be leveraged to create a secure and seamless customer experience.
Managing identities is a central concern of every enterprise. Almost all businesses have employee…
Why customer experience is essential to (C)IAM success.
Ten years ago identity and access…
From the barista who knows exactly how sweet you like your daily nonfat, caramel macchiato to the…