قالب وردپرس درنا توس
Home https://server7.kproxy.com/servlet/redirect.srv/sruj/smyrwpoii/p2/ Technology https://server7.kproxy.com/servlet/redirect.srv/sruj/smyrwpoii/p2/ Facebook has been asking some users about their email passwords, so why not

Facebook has been asking some users about their email passwords, so why not



  Sorry,

Bloomberg / Getty Images

As company executives try to rebrand Facebook as a privacy company, the company still seems to be trying to cultivate a privacy culture internally and with third-party developers. As Kevin Poulson of Daily Beast reported on April 2, some new Facebook users have been asked to provide both their email address and their email password for registering accounts.

And on the blog today, cloud-safety researchers UpGuard has reported that they have discovered two publicly available Facebook user-generated caches created by third-party applications that are connected to the Facebook platform. Both caches were placed in the Amazon Web Services (S3) easy storage service in the public cloud AWS.

Password please

Email password practice was first noticed by a software developer and information security expert who follows the E-sushi handle:

Requests were made to users with many webmails. Gmail from Google was not among them, as Facebook used OAuth to check Gmail accounts, so password verification is not required by e-mail.

In response to Daily Beast, a Facebook spokesperson said that email passwords are not stored on Facebook. But given the previous Facebook problems with password entry and other personal data, this statement can be met with healthy skepticism.

The Facebook spokesman also said that the company ceased to practice the request for email passwords for webmail accounts. The test of Ars Technica today confirmed that – by using email accounts on Mail.com and other webmail services, we registered accounts and instead received an email request for the code to be sent to the specified e-mail address.

  New, improved Facebook confirmation page. "src =" https://cdn.arstechnica.net/wp-content/uploads/2019/04/fb-confirm-640x357.jpg "width =" 640 "height =" 357 "srcset =" https: // cdn .arstechnica.net / wp-content / uploads / 2019/04 / fb-confirm.jpg 2x
Zoom / New, improved Facebook verification page.

Sean Gallagher

Custom Data Exposures, published by UpGuard, were connected to applications affiliated with two different Facebook companies. First, the Cultura Colectiva, the Mexican media company, was a 146-gigabyte store that contained over 540 million entries, including Facebook account IDs and their associated reactions, "lits" and comments. . UpGuard researchers compared the amount of content with what was collected by Cambridge Analytica.

The second cache, also found in the Amazon S3 segment, was a backup of the database of an integrated Facebook application called "In the Pool." the researchers report. The database included column labels that offered data, including Facebook user IDs, names, friends, events, photos, events, groups, location data, and other profile information, including your favorite music, books, movies and interests. There was also a "password" column, but the passwords were "likely for the" On the Pool "program, not for the Facebook user account," said UpGuard researchers. However, these passwords can be risky if they are exposed, especially if they were reused in other accounts.

S3 boxes containing data were closed or protected. However, for the Cultura Colectiva store, it took almost four months from the date of the first opening for the store. Culture Colectiva never responded to letters that informed them about the data displayed. Until today, when Facebook was contacting a journalist about comments on a comment request, this was secured. A backup for the On Pool application was translated offline before the UpGuard can notify the developers; the program is no longer active and the company that owns the application may cease to exist.

Both of these cases show that while Facebook has promised to restrict developers' ability to remove personal data from their service after the Cambridge scandal, they are still third parties that have access to large amounts of Facebook data. And Facebook does not have to take police action to keep that data in spite of new company policies.


Source link