‘SpoofedMe’ attacks exploited LinkedIn, Amazon social login flaws
IBM’s X-Force security researchers found an easy way to gain access to Web accounts by taking advantage of an oversight in how some social login services are configured.
Those services allow someone to log in to a Web service using, for example, their LinkedIn credentials. It’s a convenient way for users to create new accounts on websites by using existing information.
But in one instance, the researchers found they could gain control of accounts at Slashdot.org, Nasdaq.com, Crowdfunder.com and others by abusing LinkedIn’s social login mechanism.
Other identity services were also found to be vulnerable to the “SpoofedMe” attack, wrote Or Peles and Roee Hay of IBM Security Systems.