Abusing Google and Faceboook Login: On the risks of trusting third-party logins

As a top Internet-facing company, Wix is no stranger to bot attacks, but a sudden 8x leap in signups held surprises. Among them: every new registrant (800 of them per minute) used Facebook and Google login credentials. Behavior-based analysis stopped the attack, but it took careful sleuthing to understand the elaborate scheme. PerimeterX CTO and Wix discuss:

  • The false confidence that come with a new user who has; the right credentials.
  • The versatility of a fake account, putting the innocent human user’s social networks at risk.
  • How quickly after fake account creation can it be used for mischief.
  • Best practices and guiding principles for a secure implementation of social logins to your site