How to Recover Facebook Account Without Email and Number

Facebook Has Been Asking for Email Passwords to Verify New Accounts

This site may earn affiliate commissions from the links on this page. Terms of use.

563109-facebook-icon-cc0-license

You would think that after all its recent privacy missteps, Facebook would exercise a little more caution when it implements new features. Alas, this is Facebook, so it's still blundering from one crisis to the next. Its latest ill-conceived scheme involves asking users to hand over their email passwords. This is basically indistinguishable from a phishing attack.

The email chicanery happens when new users sign up for Facebook in a way that looks "suspicious" to the site. The Daily Beast investigated this scenario by signing up from a VPN routed through Romania, finding that Facebook does indeed ask users to input their email password to verify their account.

It's been drilled into every internet user for years that you don't ever give your passwords to a third-party in this manner — not even to a site that you trust. Let's ignore for a moment that Facebook has done little to earn anyone's trust. Even making people think this is a normal practice sets them up to get hit by phishing attacks. Your email account is also a particularly sensitive portal into your online life with banking details, personal communication, and the ability to reset passwords on other online accounts.

According to Facebook, this "feature" is there to help users with suspicious sign-ins verify their accounts. It only appears for accounts connected to emails without OAuth, an open standard that allows access without sharing passwords. Although, Gmail recently imposed limits on third-party account access, so it's unclear if Facebook could get what it needs from Google's platform with a simple OAuth ping.

Hey @facebook, demanding the secret password of the personal email accounts of your users for verification, or any other kind of use, is a HORRIBLE idea from an #infosec point of view. By going down that road, you're practically fishing for passwords you are not supposed to know! pic.twitter.com/XL2JFk122l

— e-sushi (@originalesushi) March 31, 2019

Facebook also says there are other options to verify these accounts. However, those options are hidden behind the "Need help?" link, which is a counterintuitive place to have additional verification methods. For whatever reason, Facebook is pushing the shadiest possible method of confirming these accounts. One clue comes in the next dialog after providing the password. The site pops up a notification that it's "importing contacts" from the email account without asking permission. It's unclear if this contact data actually shows up in Facebook, but it could be fed into Facebook's ad servers for all we know.

Facebook says the email logins are harmless. But do you really trust Facebook to handle your passwords with care and discretion? This is the company that recently admitted it stored passwords in plain text for years before someone realized that might be a bad idea. To its credit, Facebook has confirmed it will stop asking for email passwords in this manner.

Now read:

  • Facebook Uses 2FA Phone Numbers to Help Other Users Find You
  • Facebook Will Shut Down Its Data Collection VPN Onavo
  • Health Apps Caught Sharing Personal Data With Facebook

How to Recover Facebook Account Without Email and Number

Source: https://www.extremetech.com/internet/288846-facebook-has-been-asking-for-email-passwords-to-verify-new-accounts

0 Response to "How to Recover Facebook Account Without Email and Number"

Post a Comment

Iklan Atas Artikel

Iklan Tengah Artikel 1

Iklan Tengah Artikel 2

Iklan Bawah Artikel