- The bizarre incident was noticed by a security expert when he tested Facebook’s account verification methods.
- It is believed that the company did this to user accounts having email addresses from lesser-known email service providers.
After a flurry of privacy and security incidents in the past few months, Facebook has yet again landed in hot soup over another privacy misadventure. A security expert who goes by the name e-sushi found that Facebook was asking for email passwords for account verification. When users tried to log into their accounts, they were prompted to enter their own email passwords as a verification measure.
When informed of the shoddy security practice, the social networking company said that it did not store the passwords and mentioned that the practice would be dropped soon.
The big picture
- e-sushi discovered the incident on March 31 when he tried testing the account verification methods.
- The prompt was displayed to new users who signed up with email addresses from uncommon email service providers.
- Facebook told The Daily Beast that they did not store email passwords and also mentioned that the practice would be discarded.
- The company also stated that it would revert to phone-based verification or a link sent to emails to authorize logins.
Facebook receives backlash
Cybersecurity expert Jake Williams opines that the social networking website should stick to such methods. “That’s beyond sketchy. They should not be taking your password or handling your password in the background. If that’s what’s required to sign up with Facebook, you’re better off not being on Facebook,” he told The Daily Beast.
Moreover, e-sushi warns that it could harm privacy significantly. “By going down that road, you're practically fishing for passwords you are not supposed to know!” he tweeted.