Brought to you by NGT Marketing Group

IBM Security: Beware the Social Login Hacker

IBM Security: Beware the Social Login Hacker

IBM security officials have detected a malicious attacker who intrudes into user accounts of those who log in to third-party websites via a social login.

We’ve all seen it — "log in via Facebook, Twitter, LinkedIn, etc."

Makes things easier.

But that, according to IBM, is the point where a recent attacker penetrates a relying website — a website that relies on authentication assertions passed to it by the identity provider — and abuses the social login mechanism.

IBM’s security group — called the IBM X-Force Application Security Research Team — identified the vulnerability last week in LinkedIn, Amazon and MYDIGIPASS.COM login tools offered on vulnerable websites such as Slashdot, Spiceworks and NASDAQ, according to Diana Kelley, executive security advisor for IBM Security.

"We do not know how many websites are vulnerable to this attack," Kelley told CMSWire, "but given the size of the internet, it’s hard for us to determine which are."

Read full story…


Follow us on Twitter

Join free newsletter

View upcoming events

Find a new job

5
Like
Save

Comments

Write a comment

The Marketing Digest: Brought to you by NGT Marketing Group LLC

Enjoy this blog? Please spread the word :)

RSS
Follow by Email
Facebook
Facebook
LinkedIn