- Facebook suffered the biggest hack in its history last week.
- The breach was potentially huge, impacting not just Facebook profiles but also sites where users use their Facebook credentials to log in like Tinder or Spotify.
- Facebook said there was no evidence to show third-party sites were affected, but if they were, the scale of the problem could be enormous.
- Facebook has come to dominate social logins, squeezing the likes of Yahoo and Twitter out of the market – as these charts show.
Facebook revealed the worst security breach in its history on Friday. Hackers, the company confirmed, had taken advantage of multiple bugs in its code, potentially gaining access to 50 million users’ full social media profiles.
This was extremely bad news, but it only got worse. Facebook later confessed that the problem could be much bigger, because the nature of the vulnerabilities potentially also gave hackers access to third-party services like Tinder, Airbnb, and Spotify.
Lots of people use Facebook to log into other sites to avoid the hassle of remembering lots of passwords, and it’s possible that affected users also had information stolen from these accounts.
On Tuesday night, Facebook said there was no evidence that hackers had used stolen “tokens” to access these third-party accounts. That is not the same as saying that it definitively did not happen, and several third-party sites such as Spotify and Tinder are conducting their own investigations. Facebook hasn’t provided much more detail while it continues its investigation.
It turns out Facebook is the most popular third-party login mechanism for other sites, according to statistics shared with Business Insider by Janrain, an identity management firm. And it’s only become more popular over time.
This chart shows which services people used to log into other sites in 2011:
- Business Insider/Janrain
Facebook is pretty dominant, but people are also using lots of other services like Google, Twitter, Yahoo, and Windows Live (represented by the yellow block). Everyone else is a small player.
This chart shows how things have changed by 2018:
- Business Insider/Janrain
Facebook has cemented its dominance. Together with Google, it commands 94% of the market, leaving Yahoo, Twitter, and others trailing in the dust.
Part of the reason for the change is that more people are doing everyday tasks online, and there are a lot of websites that now require a login.
In 2011, you probably ordered a pizza over the phone. Now you do it online and, because every business is desperate to know who its customers are, you need to create an account. It’s much easier to log in using your Facebook than remember a whole new account name and password, especially for sites you visit infrequently.
Facebook and Google realised that the battle for online identity would become an important one, and each pitched to own your online persona. The advantage for consumers was that both firms were big, trusted providers who removed the need to remember passwords. The advantage for Facebook and Google was ever more data about what you were doing when you weren’t on Facebook or Google.
Most of the time, people are happy about the trade-off. But even big, multi-billion dollar companies are not completely infallible when it comes to security. And every now and then, that 94% market share looks like a liability, not a win.