Gmail is the most popular and secure email service in the world, but a new “authentication code” alert has caused a great deal of concern among users.
Security researcher Youssef Sammouda revealed in a post on a technical blog that a flaw in the “authentication code” issued by Gmail enabled him to exploit security holes in the social networking site Facebook and hack accounts.
Sammouda explained that he was able to take advantage of Google OAuth redirects and link them to Facebook security systems to hack accounts.
Google OAuth is a system used by Amazon, Facebook, Microsoft, Twitter and others to allow users to link their accounts to external sites.
Sammouda stressed that “this vulnerability could be exploited on a large scale” and said that he had received about $45,000 in “rewards” from Facebook for the security flaw he discovered.
Explaining the discovery, the Malwarebytes Labs website, which specializes in information security, issued a warning to anyone who has linked several accounts together, saying: “Linked accounts have been invented to facilitate the login process. We do not recommend it, because if one receives only one password, one can control all other accounts.”
If this alert concerns you, you can unlink your accounts, including those connected through Google OAuth.
For example, on Facebook, you can go to “Settings and Privacy”, then “Settings”, then “Account Center” and “Accounts and Profiles”, then you can select “Unlink”.
You can do the same with other sites like Twitter, Amazon and Microsoft.
Source: Lebanon Debate