Jump to content

Facebook Caught Asking Some Users Passwords for Their Email Accounts


The AchieVer

Recommended Posts

The AchieVer

Facebook Caught Asking Some Users Passwords for Their Email Accounts

 
facebook email password
Facebook has been caught practicing the worst ever user-verification mechanism that could put the security of its users at risk.

Generally, social media or any other online service asks users to confirm a secret code or a unique URL sent to the email address they provided for the account registration.

However, Facebook has been found asking some newly-registered users to provide the social network with the passwords to their email accounts, which according to security experts is a terrible idea that could threaten privacy and security of its users.

First noticed by Twitter account e-Sushi using the handle @originalesushi, Facebook has been prompting users to hand over their passwords for third-party email services, so that the company can "automatically" verify their email addresses.

However, the prompt only appears for email accounts from certain email providers which Facebook considers to be suspicious.
 
"Tested it myself registering 3 times with 3 different emails using 3 different IPs and 2 different browsers. 2 out of 3 times I faced that email password verification thing right after clicking "register account" on their front page sign up form," e-Sushi saidin a tweet.

"By going down that road, you're practically fishing for passwords you are not supposed to know!"

It’s ironic that this news came just two weeks after Facebook admitted that it mistakenly stored passwords for "hundreds of millions" of its users insecurely in plaintext for years in company logs which were accessible to 2,000 Facebook employees.

In a statement provided to the Daily Beast, Facebook confirmed the existence of such "dubious" verification process but also claimed it doesn't store the user-provided email passwords on its server.

Facebook also said it would end the practice of asking for email passwords altogether.

"We understand the password verification option isn’t the best way to go about this, so we are going to stop offering it," Facebook said.

Facebook also noted that the users asked for their email passwords as a means of verifying their accounts could opt for other verification methods such as a passcode sent to their phone number or a link to their email address by clicking the "Need help?" button on the page.

The bottom line: As always recommended, you are never, ever advised to share your email password with anyone, or enter it into any website or any social media service, except the email service for which it is intended in order to avoid your passwords being stolen using "phishing attacks."
 
 
 
Link to comment
Share on other sites


  • Replies 2
  • Views 427
  • Created
  • Last Reply

Don't surprise me they want your real name to join  and if you try to use  a  vpn to get around it they  block you before  you can add your email  and ask for your phone  number . I try make one to talk to a woman i know on there  but i'm not  giving my real info out so we correspond by using email . They always locking people  out for asking for a cell number .Some people don't have a cell phone even. Every since they got hacked they  are insane .  :chug:

Link to comment
Share on other sites


Yep. I avoid FB like the plague of course, but there was someone I wanted to talk to on there too. I ended up buying a £10 burner phone just for FB!

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...