Security specialist Egor Homakov of the company Sakurity has released the Reconnect tool (Relink), which allows hackers to exploit a Facebook vulnerability to compromise accounts on websites that use the "connect with Facebook" feature.
Homakov, working for the Sakurity pentesting company, reported a Facebook vulnerability a year ago, but the company did not update its code to protect a huge number of websites using the feature.
Reconnect exploits cross-site request forgery (CSRF) flaws affecting Facebook Login, which allows users to connect to third-party websites through their Facebook accounts. Basically, the vulnerability allows attackers to gain access to victims' accounts using Facebook apps developed by third-party websites such as Mashable, Vimeo, About.me, Stumbleupon and many others.
"Reconnect is a ready-to-use tool to enter into Facebook accounts using Facebook Login, for example on Booking.com, Bit.ly, About.me, Stumbleupon, Angel.co, Mashable.com, Vimeo and many more," wrote Homakov in a post on his company's blog.
Facebook, on the other hand, declined to acknowledge the attack as a flaw on its side, blaming developers who do not follow Facebook's best practices.
To put it differently, the social network did not correct the vulnerability because the researcher did not follow the terms defined by Facebook.
Until the company fixes the problem, websites that use Facebook Login can disable the service on their sites.