One of the admins on another forum posted as below and offered it for use on other forums.
I completely agree with the recommendation to avoid Google or Facebook single sign-in options on HealthUnlocked.
Unexpectedly logged out of Facebook last week? If so, it is time to change your Facebook password and rethink your password use.
Along with many other sites, HealthUnlocked offers the convenience of using your Facebook or Google account to login. This convenience feature is termed 'Single Sign-on', but comes with a security downside if the single sign-on account is hacked, as happened last week with Facebook. That hack captured the single sign-on key used by possibly 90,000,000 Facebook accounts plus all the sites where those affected used their Facebook login for access:
healthunlocked.com/api/redi...
Note that this is entirely outside of HealthUnlocked's control. Sites such as HealthUnlocked that provide members with single sign-on access are dependent on the single sign-on provider (Facebook or Google) to maintain account security on their respective sites.
To reiterate "...in the context of this (Facebook) attack, those keys unlocked not just Facebook accounts, but any site that affected users accessed with a Facebook login.
:
Given the keys allowed the hacker to take over any account using a Facebook login, the real number of affected individuals is likely far higher than 50 million. A vast number of people have trusted Facebook would be able to keep their login information safe, just as they do with Google and other tech providers. Should Facebook's rivals be trusted with people's online security too? This week's breach would suggest perhaps not."
healthunlocked.com/api/redi...
The best way to protect against this security risk is to have different login passwords for each site where you provide sensitive information. Using a different username will also minimise your risk of people you know finding out that you have a health condition that may impact your career and relationships.
~~~~
Latest news is that Facebook logged out 90,000,000 users, 29,000,000 have had data stolen from their accounts and the FBI are now investigating the hack. The personal data stolen included phone numbers, emails, gender, home towns and even relationship data.
To check if YOUR data was stolen, go to this Facebook Help Center page: facebook.com/help/securityn... and log in to your account. Scroll down to the section in light blue 'Is my Facebook account impacted by this security issue?' for advice on what, if any data was stolen from your account.
