Oops: Facebook Mistakenly Mined E-mail Contacts From 1.5M Users
Another day, another Facebook privacy scandal. According to the social media company, its engineers were trying to kill off an old registration function dating back to 2016, only to discover that it was still nabbing e-mail contacts — from as many as 1.5 million new users as they signed up. The issue was first spotted on March 31 by a cybersecurity pro who goes by the Twitter moniker “e-sushi,” aka Mike Edward Moras, before the story broke Thursday. Posting on Twitter, Moras expressed shock that Facebook was requesting e-mail passwords from any users during sign-ups. (Password requests are a major red flag for security experts, who consider them signs of a potential scam.) Hey @facebook, demanding the secret password of the personal email accounts of your users for verification, or any other kind of use, is a HORRIBLE idea from an #infosec point of view. By going down that road, you're practically fishing for passwords you are not supposed to know! pic.twitter.com/XL2JFk122l — e-sushi (@originalesushi) March 31, 2019 Facebook regularly used this verification feature prior to May 2016, but later redesigned it to make giving e-mail passwords optional. The information fed into other areas, like the platform’s advertising targeting and “people you may know” feature. Now theFollow WWD on Twitter or become a fan on Facebook.
from WWDWWD http://bit.ly/2DoAwqv
0 comments:
Post a Comment