China has hijacked Facebook’s login system

Over the past few days, China has been using its Great Firewall to intercept the Javascript module from Facebook’s login feature, that little button that allows people to log into third-party websites using their Facebook account. Unless someone is using a VPN or JavaScript blocker, their traffic through this Facebook feature will be redirected to another website. 

For the last three days, China’s Great Firewall has been intercepting the Javascript module from Facebook’s login feature, Facebook Connect, which allows third-party sites to authorize users through their Facebook login. First reported on Sunday, the attack causes sites using Facebook Connect to redirect to a third-party page. Readers have confirmed to The Verge that the redirection attack is still under way, and sites using Facebook Connect are automatically redirecting when accessed without a VPN or a Javascript blocker. Local media in Beijing has also reported on the problem. Facebook did not immediately respond to a request for comment. Facebook Connect communicates login information from Facebook, allowing a Facebook login to extend to third party sites through a Javascript applet. The applet is enabled on thousands of sites across the web, including The Verge. On Sunday, the Great Firewall started intercepting that applet in transit and replacing it with a new single-line redirection code from two third-party sites.