Facebook, the social media giant known for their many privacy and security lapses, was recently caught prompting people to reveal their personal email passwords as part of their user verification process for new accounts.
Facebook claims this only occurred with a “very small group of people,” and that they will no longer offer this option, although it is still unclear how many people went through this verification process.
The Twitter user @originalsushi called out Facebook tweeting, “…demanding the secret password of the personal email accounts of your user for verification, or any other kind of use, is a HORRIBLE idea from an #infosec point of view…”
In March, Facebook claimed that they are pivoting towards being a privacy and security focused technology company, which would be helpful considering they were also caught storing hundred of millions of users’ Facebook passwords in plain text, viewable by Facebook employees.
Facebook’s Messenger app also recently had a bug that allowed snoops to read personal messages, and allowed people to search for users through their phone numbers that Facebook uses for two-factor authentication.
Author: Adam Sarwar