The dirty secret behind those ‘log with Facebook to view your past life’ pages.

The other day I was randomly wasting time on Facebook whilst chilling out a bit. On the news feed I saw a friend's post that goes like “How was your past life?” (Picture below to illustrate). These posts will typically require you to log in with your social media account, and then you can choose to post your result to your favorite social platform.

Typical example in order to lure in unsuspecting people.

Nothing harmful; it’s just random fun, right? Unfortunately, that’s not the case. So one might wonder: what’s so dangerous about these? Let’s go through the workflow of how these pages work.

1) You visit one of these pages

Somehow or other, you end up on one of these pages. This can be by visiting a link which some friend has already shared on their profile, or maybe through some shady advert. Typically, it will bombard you with prompts to log in with your social media account, just to make it easy for you to follow through.

Easy right? Login with Facebook for some magic!

2) You click the link and you are redirected to provide your personal information

Let’s face it, probably everyone has some social media account today. These “Login with Facebook” buttons make it a breeze to log in to your favorite site, so why not click it here as well? Anyway, when you click it, you’re faced with this screen.

Logging in with Facebook; pretty normal.

All right, this screen is familiar, thus this is 100% safe. Well, not so much. Let’s take a second to read what the website will obtain from my Facebook profile:

  • Public Profile (picture and public information)
  • Photos (it seems ALL your public photos; that’s not very cool!)
  • Email Address

Aha! There’s the catch! So this silly application, which obviously has no need for my email address, is asking for it? Even worse, what’s that information icon hiding?

Would you like a sample of my blood as well?

There we go, so the complete list now looks like the following:

  • Name
  • Profile Picture
  • Age (range)
  • Gender
  • Language
  • Country
  • Other Public Info (This is not properly described)
  • Photos (it seems ALL your public photos; that’s not very cool!)
  • Email Address

I think I’ve made my point now; in order to access something trivial, this page is stealing and harvesting a LOT of innocent user data!
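The same check can be done on the login link itself before clicking through. The following is an added example, not code from the original post: it parses the `scope` parameter of a Facebook OAuth dialog URL and reports which requested permissions go beyond what the app plausibly needs. The sample URL, the `client_id`, the `quiz.example` host, the function names and the mapping of scope names to the data items listed above are all assumptions made for illustration.

```javascript
// Added example: audit the permissions a "Login with Facebook" link asks for.
// Assumption: these scope names map to the data items listed in the post.
const SCOPE_DATA = new Map([
  ["public_profile", ["name", "profile picture", "age range", "gender",
                      "language", "country", "other public info"]],
  ["user_photos", ["photos"]],
  ["email", ["email address"]],
]);

// Parse the OAuth dialog URL and return the requested scopes, normalised.
// Scopes may be separated by commas or whitespace ("+" decodes to a space).
function requestedScopes(dialogUrl) {
  const raw = new URL(dialogUrl).searchParams.get("scope") || "";
  const scopes = raw.split(/[\s,]+/).map(s => s.toLowerCase()).filter(Boolean);
  // Assumption: public_profile is granted even when it is not listed.
  return [...new Set(["public_profile", ...scopes])];
}

// Compare the requested scopes with what the app's stated purpose needs.
function auditScopes(dialogUrl, neededScopes) {
  const needed = new Set(neededScopes);
  const requested = requestedScopes(dialogUrl);
  const excess = requested.filter(s => !needed.has(s));
  return {
    requested,
    excess,                                               // asked for, not needed
    unknown: requested.filter(s => !SCOPE_DATA.has(s)),   // not in our mapping
    excessData: excess.flatMap(s => SCOPE_DATA.get(s) || [`unmapped scope: ${s}`]),
  };
}

// Constructed sample URL: client_id and redirect_uri are placeholders.
const SAMPLE_URL = "https://www.facebook.com/dialog/oauth?client_id=0000000000" +
  "&redirect_uri=https%3A%2F%2Fquiz.example%2Fcallback" +
  "&scope=public_profile%2Cuser_photos%2Cemail";

// A "past life" quiz needs a name and a picture at most.
const report = auditScopes(SAMPLE_URL, ["public_profile"]);
console.log("excess scopes:", report.excess.join(", "));
console.log("data handed over without need:", report.excessData.join(", "));
```

Anything in `excess` is data the page collects without needing it for the advertised feature; anything in `unknown` is a permission worth looking up before approving the dialog.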

So what, they’ve got my email! Does it really matter? I mean, it’s just my email! Unfortunately, it’s still dangerous. These emails end up on some guy’s list and are potentially cross-checked against known email and password combinations. But that might be just me and my paranoid thoughts.

PS: You think someone can’t cross-check your email and password from hacked lists? Check out this site.

 
