Given the scale and severity of the @facebook breach, I’ll share some thoughts based on our recent @USENIXSecurity paper with @m0eb1t, amrutha, @kaytwo, @stevecheckoway, where we explored the ramifications of your Facebook account being compromised. cs.uic.edu/~polakis/paper… (1/n) There are many nuanced and not-so-obvious issues that arise due to how Single Sign-On functionality interacts with local account management on 3rd parties (referred to as relying parties in the context of SSO). Facebook's current actions do not prevent these attacks (2/n).