Facebook is ironically asking some of its new users to hand over their email ID passwords as a verification process to authenticate new Facebook accounts.
The San Fransisco based social-media behemoth Facebook Inc. (NASDAQ: FB) is making a prompt to some of its new users to reveal the password of their personal email ID – used while signing up with Facebook – to regain admittance to Facebook.
Whenever unsuspecting users try to sign into their Facebook account, the login tool proposes to “confirm your email address” by entering the password immediately, as reported by The Daily Beast already.
The cybersecurity adroit e-sushi in a Twitter handle reportedly exposed the Facebook’s sarcasm of necessitating the new users to inscribe the password of the email ID attached to Facebook on their log-in screen. The prompt message goes like, “To continue using Facebook, you’ll need to confirm your email,” which is then subsequently demanding users to produce the personal email ID’s password. After entering the email ID another pop-up prompts stating that Facebook is “importing contacts”, nevertheless asking the user for permission to access their personal email id’s contacts.
Hey @facebook, demanding the secret password of the personal email accounts of your users for verification, or any other kind of use, is a HORRIBLE idea from an #infosec point of view. By going down that road, you're practically fishing for passwords you are not supposed to know! pic.twitter.com/XL2JFk122l
— e-sushi (@originalesushi) March 31, 2019