When we use an electronic commerce (EC) web application, the EC website authenticates users for a so-called social login that uses a social media account, e.g., Facebook, Google, or Twitter. In this case, it is mostly implemented using OAuth and OpenID Connect. However, the implementation of a website can involve privacy concerns or be vulnerable to various attacks. In this paper, we investigate the implementation of social logins for 500 American EC sites. We observed eight websites that acquired more user permissions from SNS than necessary, and 76 websites that may be vulnerable to attacks due to improper implementation or use of grant type not recommended by RFC. We compared these results.to the results of similar investigations into Japanese website.