Researchers say they have found a number of serious flaws in the single sign-on system used by Facebook. Google and PayPal are among the users of OpenID. Researchers were able to persuade third-party websites that they were somebody else and hijack that person’s legitimate Facebook account using Facebook’s authentication system. In one of the flaws the researchers exposed, for example, not all websites confirmed that a verification coming from OpenID included all of the items the website asked to be confirmed, such as the first name, last name and email address.
Source: https://www.csoonline.com/article/2135113/not-ready-to-give-up-on-single-sign-on.html
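The check that the affected websites skipped can be sketched as follows. This is an added example, not code from the article or the researchers: the parameter names (`openid.signed`, `openid.ns.*`, the Attribute Exchange namespace) come from the OpenID 2.0 and Attribute Exchange specifications rather than from the text above. It assumes the signature itself is verified elsewhere and that the provider answers with the same attribute aliases the website requested; the sample responses are constructed.

```python
AX_NS = "http://openid.net/srv/ax/1.0"          # Attribute Exchange namespace
REQUIRED = ("firstname", "lastname", "email")   # aliases the site requested (assumed)


def signed_fields(resp):
    """Full parameter names that openid.signed says the signature covers."""
    return {"openid." + n for n in resp.get("openid.signed", "").split(",") if n}


def ax_alias(resp):
    """Find the alias the provider bound to the AX namespace, if any."""
    for key, value in resp.items():
        if key.startswith("openid.ns.") and value == AX_NS:
            return key[len("openid.ns."):]
    return None


def uncovered(resp, required=REQUIRED):
    """Required parameters that are absent or not covered by the signature."""
    alias = ax_alias(resp)
    if alias is None:
        return ["openid.ns.<ax>"]
    needed = [f"openid.ns.{alias}"]
    for attr in required:
        needed += [f"openid.{alias}.type.{attr}", f"openid.{alias}.value.{attr}"]
    covered = signed_fields(resp)
    return [k for k in needed if k not in resp or k not in covered]


def accept_attributes(resp, signature_ok, required=REQUIRED):
    """Return attributes only if the signature verified AND covers all of them."""
    if not signature_ok or uncovered(resp, required):
        return None
    alias = ax_alias(resp)
    return {a: resp[f"openid.{alias}.value.{a}"] for a in required}


def _sample(signed_attrs):
    """Constructed response; only signed_attrs are listed in openid.signed."""
    resp = {"openid.ns.ax": AX_NS, "openid.ax.mode": "fetch_response",
            "openid.claimed_id": "https://idp.example/u/alice"}
    for a in REQUIRED:
        resp[f"openid.ax.type.{a}"] = f"https://schema.example/{a}"
        resp[f"openid.ax.value.{a}"] = f"sample-{a}"
    names = ["claimed_id", "ns.ax", "ax.mode"]
    for a in signed_attrs:
        names += [f"ax.type.{a}", f"ax.value.{a}"]
    resp["openid.signed"] = ",".join(names)
    return resp


FULL = _sample(REQUIRED)                      # every requested item is signed
PARTIAL = _sample(("firstname", "lastname"))  # email present but not signed
```

A site that reads the email value from `PARTIAL` without this check is trusting a field the provider never vouched for, even though the signature over the remaining fields verifies.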