Thyroid UK

Facebook hack reveals the perils of using a single account to log in to other services - including your HealthUnlocked account

helvella (Administrator)

One of the admins on another forum posted as below and offered it for use on other forums.

I completely agree with the recommendation to avoid Google or Facebook single sign-in options on HealthUnlocked.

Unexpectedly logged out of Facebook last week? If so, it is time to change your Facebook password and rethink your password use.

Along with many other sites, HealthUnlocked offers the convenience of using your Facebook or Google account to log in. This convenience feature is termed 'Single Sign-on', but comes with a security downside if the single sign-on account is hacked, as happened last week with Facebook. That hack captured the single sign-on key used by possibly 90,000,000 Facebook accounts plus all the sites where those affected used their Facebook login for access:

healthunlocked.com/api/redi...

Note that this is entirely outside of HealthUnlocked's control. Sites such as HealthUnlocked that provide members with single sign-on access are dependent on the single sign-on provider (Facebook or Google) to maintain account security on their respective sites.

To reiterate "...in the context of this (Facebook) attack, those keys unlocked not just Facebook accounts, but any site that affected users accessed with a Facebook login.

:

Given the keys allowed the hacker to take over any account using a Facebook login, the real number of affected individuals is likely far higher than 50 million. A vast number of people have trusted Facebook would be able to keep their login information safe, just as they do with Google and other tech providers. Should Facebook's rivals be trusted with people's online security too? This week's breach would suggest perhaps not."

healthunlocked.com/api/redi...

The best way to protect against this security risk is to have different login passwords for each site where you provide sensitive information. Using a different username will also minimise your risk of people you know finding out that you have a health condition that may impact your career and relationships.

~~~~

Latest news is that Facebook logged out 90,000,000 users, 29,000,000 have had data stolen from their accounts and the FBI are now investigating the hack. The personal data stolen included phone numbers, emails, gender, home towns and even relationship data.

To check if YOUR data was stolen, go to this Facebook Help Center page: facebook.com/help/securityn... and log in to your account. Scroll down to the section in light blue 'Is my Facebook account impacted by this security issue?' for advice on what, if any, data was stolen from your account.

9 Replies
I have a Google email because mobile phones (at least Android ones) seem only to work on Google. But I normally use a different one (Yahoo) to log into everything else.

And I gave up Facebook last year and only use WhatsApp now.

helvella (Administrator)
in reply to Jnetti

Android phones work perfectly well with Microsoft email! Think Office 365 but also @live.com, @outlook.com, or @msn.com :-)

Jnetti
in reply to helvella

I mostly use a Yahoo email. As said to Angel-of-theNorth, I was told I needed a Google account to use the phone.

Android phones work with any provider's email.

When I bought my first smartphone I was told I had to have a Google account to use their phones.

helvella (Administrator)
in reply to Jnetti

You might have to create a Google account to permit use of the store for downloads, but you do not have to use it for your ordinary email.

Jnetti
in reply to helvella

I see, that must have been what they meant. Thanks.

The link you posted takes you to the help centre but that page is no longer available...

helvella (Administrator)
in reply to Zephyrbear

Not clear what is happening for you. For me:

the first link goes to a page on theconversation <dot> com

the second link goes to a page on www <dot> forbes <dot> com

Just checked and both still work.
