SpoofedMe Social Login Attack Discovered by IBM X-Force Researchers
December 4, 2014 No CommentsSOURCE: IBM
Social login is a popular mechanism that offers a convenient way for users to quickly gain access to their Web accounts without the need to enter per-site credentials, allowing for a cohesive and integrated Web experience. It works by letting a user log in to cooperating sites that support social login by using their existing external account as an identity provider (such as a Facebook, Google+ or LinkedIn account). One can recognize a site supporting social login by the “Sign In With Facebook/LinkedIn/etc.” button.