For users, Facebook Login looks like a boon: they only need to use their Facebook password to log into multiple sites or apps. That, however, puts a very strong onus on Facebook to make sure the whole process is secure.
What Englehardt discovered is simple: “when a user grants a website access to their social media profile, they are not only trusting that website, but also third parties embedded on that site.”
The third parties were able to grab the user's Facebook user ID, e-mail, name, and other profile information including (in one case) gender.
“We found seven scripts collecting Facebook user data using the first party’s Facebook access”, he wrote. The practice isn't yet widespread, thankfully: scripts to gather this user information were only found on 434 of the Alexa top million sites, including “fiverr.com, bhphotovideo.com, and mongodb.com”.
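For site owners, the practical check is an inventory of which external hosts serve scripts into the same page as the Facebook SDK. The sketch below is an added example, not code from the research or from Facebook: the markup, the `*.example` hosts, the function names and the crude same-site rule are all constructed assumptions.

```javascript
// Constructed page markup for illustration; not taken from any real site.
const SAMPLE_HTML = `
<html><head>
<script src="https://connect.facebook.net/en_US/sdk.js"></script>
<script src="/static/app.js"></script>
<script src="https://cdn.tracker.example/collect.js" async></script>
<script src="//widgets.partner.example/chat.js"></script>
<script>window.fbAsyncInit = function () {};</script>
</head><body></body></html>`;

// Host serving the Facebook JavaScript SDK (assumed to be the only one here).
const FB_SDK_HOSTS = new Set(["connect.facebook.net"]);

// Return the src attribute of every external <script> tag in the markup.
function scriptSources(html) {
  const out = [];
  const re = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["'][^>]*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) out.push(m[1]);
  return out;
}

// Crude same-site test: identical host or a subdomain of the first party.
function sameSite(host, firstParty) {
  return host === firstParty || host.endsWith("." + firstParty);
}

// List third-party hosts whose scripts share the page context with the SDK.
function auditPage(html, pageUrl) {
  const firstParty = new URL(pageUrl).hostname.replace(/^www\./, "");
  let usesFacebookSdk = false;
  const thirdParty = new Set();
  for (const src of scriptSources(html)) {
    const host = new URL(src, pageUrl).hostname; // resolves relative and // URLs
    if (FB_SDK_HOSTS.has(host)) usesFacebookSdk = true;
    else if (!sameSite(host, firstParty)) thirdParty.add(host);
  }
  return {
    usesFacebookSdk,
    thirdPartyHosts: [...thirdParty].sort(),
    // Scripts from these hosts run with the same privileges as the site's own code.
    exposed: usesFacebookSdk && thirdParty.size > 0,
  };
}

console.log(auditPage(SAMPLE_HTML, "https://www.shop.example/login"));
```

Each host in `thirdPartyHosts` is a party the user is implicitly trusting when they log in, so the list is the starting point for deciding which embeds belong on login-enabled pages at all.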