Okta acknowledges customers affected by Lapsus$ attack – Computer – News

Before trying to correct me in this “friendly” way, I would have researched it myself.

I was not talking about the risk that, for example, Tinder can access my Facebook data, but the other way around… Facebook can access my Tinder data.

If you are using a social login, there is often no password at all (unless you combine it with a password scheme). So the whole story about passwords is not relevant here either.

Such a party simply cannot log into your account using your username and password, because they do not know the latter. They also don’t have any data from the app to log in there directly, just the client ID and a secret to start the authentication request and thus get the URL where the user has to go to log in. This redirects (+ all checks whether this URL is allowed, etc.) with a token. The application makes another request to replace this code with an authentication code and voilà, login. So it is the app that has access to the third party via the API, and not the other way around.

Your story is correct, but you skipped the last step: Tinder now has, thanks to the access code / access token, access to some of my Facebook data (email/maybe some photos). But what now? I really want to log into Tinder. This is what happens behind the scenes:

  1. Tinder requests the email address associated with the access code from Facebook.
  2. Tinder checks with Facebook whether the access code has indeed been issued to the Tinder app, and nothing else.
  3. If true, Tinder knows for sure that I am the owner of the Facebook account associated with that email address, and that I want to sign in to Tinder.
  4. Then I can access my Tinder account/photos/chat history.
What is the most important piece of information in this flow? The access token… Who can create that? Facebook. Who can access my Tinder data? Facebook (FBI / FB employees / hackers).

This is where I see the danger. This can be prevented by a 2FA solution that is not owned by Facebook.

Let me put it another way:
I have not set a password for Tinder. Where is the information needed to log in, if not with Facebook?

In short, do yourself a favor and read about how to do things like that.

In short, try to be a little friendly. We both have enough knowledge to have a normal discussion about it.
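
The token check described in steps 1 to 4 above, as an added example that is not part of the original post and not any real provider's or app's code: a simulated identity provider (IdP) and app, with all names, keys and account data constructed. It shows the "issued to this app" check from step 2, and that the app accepts any token the IdP vouches for unless it also keeps a second factor of its own.

```python
import base64, hashlib, hmac, json

IDP_KEY = b"constructed-idp-signing-key"  # assumption: known only to the identity provider
APP_ID = "dating-app"                     # hypothetical client id of the app
# Constructed app-side account store; the second factor is enrolled with the app, not the IdP.
ACCOUNTS = {"alice@example.com": {"second_factor": "493021"}}

def _sign(body, key):
    return hmac.new(key, body, hashlib.sha256).hexdigest().encode()

def idp_issue_token(email, app_id, key=IDP_KEY):
    """IdP side: mint a token saying which user logged in and for which app."""
    claims = json.dumps({"email": email, "aud": app_id}).encode()
    body = base64.urlsafe_b64encode(claims)
    return body + b"." + _sign(body, key)

def idp_introspect(token, key=IDP_KEY):
    """IdP side (stands in for the app's remote validation call): claims or None."""
    body, _, sig = token.partition(b".")
    if not hmac.compare_digest(sig, _sign(body, key)):
        return None
    return json.loads(base64.urlsafe_b64decode(body))

def app_login(token, second_factor=None, require_second_factor=False):
    """App side: steps 1-4 of the flow, optionally with an app-owned second factor."""
    claims = idp_introspect(token)                 # steps 1-2: ask the IdP about the token
    if claims is None or claims["aud"] != APP_ID:  # step 2: issued to this app, nothing else
        return "rejected"
    account = ACCOUNTS.get(claims["email"])        # step 3: map the asserted email to an account
    if account is None:
        return "rejected"
    if require_second_factor and not hmac.compare_digest(
            second_factor or "", account["second_factor"]):
        return "second factor required"
    return "logged in as " + claims["email"]       # step 4

if __name__ == "__main__":
    token = idp_issue_token("alice@example.com", APP_ID)
    print(app_login(token))
    print(app_login(idp_issue_token("alice@example.com", "other-app")))
    print(app_login(token, require_second_factor=True))
    print(app_login(token, "493021", require_second_factor=True))
```

The app never sees whether a user was actually present when the token was minted; the only input it can check independently is the second factor it enrolled itself.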