Facebook is yet again in the news regarding the privacy of its users. The social media site has been reported to be asking its users to disclose the password to their personal email account in order to log in to Facebook.
Facebook has been flashing a message on some users’ login screens, asking them to enter the password of the email ID that their Facebook account is based on, reported The Daily Beast on Tuesday.
“To continue using Facebook, you’ll need to confirm your email,” asks the message, followed by a form that requires users to submit their email password.
It is unclear how many people have been affected by this measure across the globe.
In a statement, Facebook said that users can bypass the password-seeking window by activating their accounts through more conventional means, such as “a code sent to their phone or a link sent to their email”.
“We understand the password verification option isn’t the best way to go about this, so we are going to stop offering it,” the report quoted Facebook as saying.
The additional log-in prompt was spotted by a cybersecurity watcher on Twitter called e-sushi.
Facebook was recently involved in a privacy debacle in which the social media company admitted that it had been storing the passwords of around 200-600 million users in plain text, searchable by over 20,000 Facebook employees.
“It’s perfectly possible that no passwords at all fell into the hands of any crooks as a result of this. But if any passwords did get into the wrong hands then you can expect them to be abused,” said Paul Ducklin, Senior Technologist at global cybersecurity firm Sophos.
“Hashed passwords still need to be cracked before they can be used; plaintext passwords are the real deal without any further hacking or cracking needed,” Ducklin added.
Facebook said that it had not so far found any evidence of anyone internally misusing the information or accessing the passwords improperly.
Facebook also asked people to change their passwords “out of an abundance of caution”.