
Facebook Wants Your Passwords… For Legitimate Reasons?

April 5, 2019

As if it wasn’t bad enough that they had been storing millions of users’ passwords in plaintext, with over 2000 internal employees having access to them, Facebook have made another whoopsie.

It has been revealed that Facebook are using pretty much the worst user-verification method available, adding more of a security risk for their users. When you sign up from a non-standard email address, for example one that is not a Gmail or Hotmail address, and the circumstances seem a little suspicious, such as using a VPN, Facebook tries to verify you are legitimate by asking for your email password.

This was discovered by Twitter user @originalesushi, who said, “Hey @facebook, demanding the secret password of the personal email accounts of your users for verification, or any other kind of use, is a HORRIBLE idea from an #infosec point of view. By going down that road, you’re practically fishing for passwords you are not supposed to know!”

We couldn’t agree more. You definitely wouldn’t find this in any other company’s best practice handbooks. Perhaps they read from the worst practice handbook by mistake!

Of course, Facebook came out with their shields up, stating that it was possible to bypass this by clicking the “need help?” button to select a different method, although that is not clear at all on the login form. They also said that the password is not stored on any Facebook servers and that it is “automatically verified” instead. However, they did agree that it is not the best method of verification and have removed it as an option completely, leading us to think that maybe they weren’t so confident it was 100% above board.

Just to confirm, best practice is to never give your email password to anyone, for any reason. Requests for it are normally phishing attempts to gain access to your accounts. Of course, we wouldn’t insinuate that Facebook are trying to get hold of more data than they need, but it is yet another dubious practice, and users’ faith in the company has been dwindling enough recently already. Surely it must be time to eradicate these security issues once and for all to make a point!

EDIT:

It’s hard to keep up with Facebook’s woes! Yet more news has come out before I even managed to get this one up.

Over 540 million users’ data has been discovered on unprotected Amazon cloud servers. This includes 146GB of data collected by a third-party developer from Mexico called Cultura Colectiva. Among the details collected are comments, likes, reactions, names, user IDs and more.

A second dataset contained records on far fewer people, at 22,000, but it actually contained email addresses and passwords for their linked accounts on an app called “At the Pool”. These may correspond to their Facebook passwords, as around 70% of internet users reuse the same passwords across many accounts.

It is worth noting that Facebook have tightened control over what third-party developers have access to, but it seems to be a little too late for many users as their details are already out there and spread across the web.
