The recent hack of 50 million Facebook user accounts was big news in the security industry. (The link above tells you how to check whether your Facebook account was hacked.)
It was big news because many websites (NOT RunSignUp) allow users to log in with their Facebook ID. This creates the possibility of contagion, as outlined in the NY Times article:
“Companies that allow customers to log in with Facebook Connect are scrambling to figure out whether their own user accounts have been compromised.”
RunSignUp does not implement Facebook Connect because of several issues; contagion of security gaps is just one. Another is that Facebook has a tendency to change privacy policies and data ownership, and to change API access often, without notice or recourse. We did not want our races to be stuck with imposed restrictions and risks.
For races that might use Facebook Connect on other systems, it is unclear what the real risks are. There could be some potential risk that participants may hold your race accountable for other systems that you might use. There is also some potential risk that other systems could be compromised and expose data, and that might become a public embarrassment. In our opinion, the real risk is the idea that you have not done everything possible to protect your users. As the past few years have taught us, no system can guarantee 100% security, but it is the obligation of system providers and races to at least try.
We would suggest that other registration companies follow our lead in eliminating Facebook Connect (and Google and Twitter logins) and in offering users multi-factor authentication. That is the first, best, and most proven secure way to give users control over their own data.