Gmail users should be aware of a new security flaw that could allow Facebook accounts to be hacked.
The problem was discovered by researcher Youssef Sammouda, who warned on his blog against using Gmail credentials to log in to Facebook.
In an eye-opening blog post, security researcher Youssef Sammouda said the OAuth authentication code that Google issues when a user logs in to Facebook with Gmail credentials could be used to hack into that user's Facebook account. Its broader implications are significant.
Speaking to The Daily Swig, Sammouda explained that he used redirects in Google's OAuth flow together with Facebook's Lockout, Checkpoint and Sandbox systems to break into accounts.
Google OAuth is part of the 'open authentication' standard used by Amazon, Microsoft, Twitter and others, which allows users to sign in with usernames and passwords already registered with these tech giants and to link accounts from third-party sites.
Sammouda spoke to The Daily Swig to explain the implications of this flaw.
According to the researcher, he was able to hack the accounts of Facebook users who registered with Gmail credentials.
He said he achieved this by using the Google OAuth id_token or authorization code to log in to the site.
This is the 'open authentication' standard that Forbes said is used by Amazon, Microsoft, Twitter and other big names.