Facebook has been caught practicing the worst ever user-verification mechanism that could put the security of its users at risk.
Generally, social media or any other online service asks users to confirm a secret code or a unique URL sent to the email address they provided for the account registration.
However, Facebook has been found asking some newly-registered users to provide the social network with the passwords to their email accounts, which according to security experts is a terrible idea that could threaten privacy and security of its users.
First noticed by Twitter account e-Sushi using the handle @originalesushi, Facebook has been prompting users to hand over their passwords for third-party email services, so that the company can “automatically” verify their email addresses.
However, the prompt only appears for email accounts from certain email providers which Facebook considers to be suspicious.