Ad Fraud Insights

Facebook and Election Manipulation: Why We Should Be Worried About Auto Login

    Written by Richard Kahn
    on November 06, 2018

    As we head to the polls today to vote in the U.S. midterm elections, it’s hard to believe it’s been two years since the 2016 presidential election. During the rollercoaster election, social networks were plagued with fake accounts and fake news, all in an effort to sway voters’ ballots.

     

    In 2017, Facebook finally acknowledged malicious actors used their platform “with the intent of harming the reputation of specific political targets.” Since then, Facebook has ramped up their efforts to prevent future election manipulation. One of those efforts is a “War Room,” which I recently discussed. But while Facebook is taking on fake content, they are leaving the back door open for another potential election security risk: false logins.

     

    The Problem: You Never Really Log Out of Facebook on the Web  

    Every time you log into the social network, Facebook sets local storage values and/or cookies that can potentially be used for nefarious purposes by hackers. Local storage values are typically not cleared with cookies and are cumbersome to delete on desktop computers, and they are even harder to delete on mobile devices.

     

    As a result, even after you “log out of Facebook,” there’s the potential for a hacker to “log you back in.” If a hacker accesses your email and knows the local storage value and/or cookies, they can also log into your Facebook account with a single click, bypassing a formal login, provided they have the right values set. With current and future elections, false logins could potentially create a major risk for manipulation.

     

    Google’s Gmail Is Already Vulnerable to Hackers

    It’s no secret Google’s Gmail has security vulnerabilities. Throw in Facebook and you’ve got the perfect election manipulation storm.

     

    Let’s say a hacker accesses your Gmail account. Scrolling through, they see a notification email from Facebook that you were tagged in a post. They open the email, see a preview of the tagged post along with a link ‘View on Facebook.’ The hacker clicks the link and now they’re in, with full access to your Facebook account. And this isn't just applicable to a hacker knowing the local storage value. Most people never log out of their Facebook app to begin with. 

     


    A hacker looking to do some election manipulation can spam your followers with fake content, making it appear it’s from you. For the average person, this may just be an annoyance. But if you’re an individual who plays a prominent role in the media or politics, this can be damaging. And for individuals who aren’t able to discern the real news from the fake, how do you mitigate it once it’s gone viral? Unfortunately, oftentimes you can’t. And that’s not the worst of it.

     

    Did you know that Google has a “dots don’t matter” policy in how it processes email addresses? Imagine you get an email notification alert from Facebook for “JohnDoe@gmail.com” that was intended to go to “John.Doe@gmail.com.” When you realize it isn’t your account, you delete the email. But what happens if that email falls into the hands of a person with a different moral compass?

     

    Now they also have the potential to access another individual’s Facebook account.
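
Because Gmail ignores dots in the part before the @, addresses that differ only in dots are delivered to the same mailbox. As an added example (not code from the original post or from Facebook or Google), here is one way a service could detect accounts whose registered addresses collapse to a single Gmail mailbox before it sends one-click notification links. The function names and sample accounts are constructed, and the handling of "+tag" suffixes and googlemail.com goes beyond the dots case described above.

```python
from collections import defaultdict

# Domains that deliver to the same Gmail mailbox.
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def canonical_mailbox(address: str) -> str:
    """Return the mailbox an address is delivered to.

    Gmail ignores letter case and dots in the local part, and drops a
    "+tag" suffix. Other providers are only lower-cased here, which is a
    simplifying assumption because their rules differ.
    """
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    local, domain = local.lower(), domain.lower()
    if domain in GMAIL_DOMAINS:
        local = local.split("+", 1)[0].replace(".", "")
        if not local:
            raise ValueError(f"empty Gmail local part: {address!r}")
        domain = "gmail.com"
    return f"{local}@{domain}"


def shared_mailboxes(accounts):
    """Group account ids by canonical mailbox; keep groups with 2+ accounts."""
    groups = defaultdict(list)
    for account_id, address in accounts:
        groups[canonical_mailbox(address)].append(account_id)
    return {box: ids for box, ids in groups.items() if len(ids) > 1}


# Constructed sample data: (account id, address given at registration).
SAMPLE_ACCOUNTS = [
    (101, "JohnDoe@gmail.com"),
    (102, "John.Doe@gmail.com"),
    (103, "john.doe@example.org"),
    (104, "j.o.h.n.doe+news@googlemail.com"),
]

if __name__ == "__main__":
    # Accounts listed together receive their notification mail in one inbox.
    for box, ids in shared_mailboxes(SAMPLE_ACCOUNTS).items():
        print(box, ids)
```

Accounts that share a canonical mailbox are candidates for re-verifying the address before any email carrying a login link is sent to it.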

     

    How to Protect Yourself

    Short of completely swearing off Facebook and deleting your account, as of now there’s nothing to prevent false Facebook logins from Gmail or any and all email providers.

    Google does offer security activity alerts. If you haven’t already, make sure you turn on email alerts so you’ll be notified of any suspicious sign-in activity. And of course, keep close tabs on any activity coming from Facebook.
