Your Facebook data can be snatched by JavaScript trackers

Facebook is looking into a security report that reveals Facebook user data can be snatched by JavaScript trackers if they're planted in websites that let users log in with their Facebook credentials. Not just their name and email address, either: The exploit catches age range, gender, locale and possibly a profile photo too, depending on how much access the user allowed said website. Once someone logs in, any third-party JavaScript can supposedly retrieve their info at will. The report, by Princeton's Center for Information Technology Policy website Freedom to Tinker, listed 431 of the top one million sites (by Alexa rank) that have the shady scripts embedded. The list included cloud database provider MongoDB until TechCrunch brought the issue to their attention, after which they allegedly shut down the abusive script.