Abusing Google and Faceboook Login: On the risks of trusting third-party logins
As a top Internet-facing company, Wix is no stranger to bot attacks, but a sudden 8x leap in signups held surprises. Among them: every new registrant (800 of them per minute) used Facebook and Google login credentials. Behavior-based analysis stopped the attack, but it took careful sleuthing to understand the elaborate scheme. PerimeterX CTO and Wix discuss:
- The false confidence that come with a new user who has; the right credentials.
- The versatility of a fake account, putting the innocent human user’s social networks at risk.
- How quickly after fake account creation can it be used for mischief.
- Best practices and guiding principles for a secure implementation of social logins to your site