Facebook is investigating a report that suggests its Log In With Facebook feature on a variety of websites across the Internet could have allowed for the collection of personally identifiable information.
That said, few of those websites are those you've ever really heard of. And being in the top 1 million of the world's most popular sites doesn't necessarily mean that traffic is overwhelming.
Log In With Facebook is a feature that allows users to sign in to a service or app with their Facebook credentials rather than be forced to create all-new credentials for the respective site. It cuts down on the number of usernames and passwords users need to keep.
"When a user grants a website access to their social media profile, they are not only trusting that website, but also third parties embedded on that site," the researchers wrote in their report.
They added, however, that the problem isn't necessarily one with Facebook. Instead, they believe that it sheds light on "the lack of security boundaries between the first-party and third-party scripts in today's Web."
In a statement to TechCrunch, Facebook confirmed that any service "scraping Facebook user data is in direct violation" of the company's policies. Facebook said that it's investigating the matter, but has also turned off a feature that linked a person's unique user id in applications to their Facebook profile pages.
Facebook added that it's examining whether to include "additional authentication" with its Log In With Facebook feature.