replaced http://programmers.stackexchange.com/ with https://softwareengineering.stackexchange.com/

When I changed my Facebook password yesterday, by mistake I entered the old one and got this:

Screen capture of facebook login

Am I missing something here, or is this a big potential risk for users?

In my opinion this is a problem BECAUSE it is Facebook and is used by, well, everyone and the latest statistics show that 76.3% of the users are idiots [source:me], that is more than 3/4!!

All kidding aside:

  • Isn't this useful information for an attacker?
  • It reveals private information about the user!
  • It could help the attacker gain access to another site in which the user used the same password
  • Granted, you shouldn't use the same password twice (but remember: 76.3%!!!)
  • Doesn't this simply increase the surface area for attackers?
  • It increases the chances of getting useful information at least.
  • In a site like Facebook, 1st choice for hackers and (bad) people interested in valued personal information, shouldn't anything increasing the chance of a vulnerability be removed?

Am I missing something? Am I being paranoid? Will 76.3% of the accounts be hacked after this post?

De-facebook localize question.
user40980

Facebook - Isn't this a big vulnerability risk for users? (After Password Change)

I would like to know your opinions as programmers / developers.

When I changed my Facebook password yesterday, by mistake I entered the old one and got this:

enter image description here

Am I missing something here, or is this a big potential risk for users?

In my opinion this is a problem BECAUSE it is Facebook and is used by, well, everyone and the latest statistics show that 76.3% of the users are idiots [source:me], that is more than 3/4!!

All kidding aside:

  • Isn't this useful information for an attacker?
  • It reveals private information about the user!
  • It could help the attacker gain access to another site in which the user used the same password
  • Granted, you shouldn't use the same password twice (but remember: 76.3%!!!)
  • Doesn't this simply increase the surface area for attackers?
  • It increases the chances of getting useful information at least.
  • In a site like Facebook, 1st choice for hackers and (bad) people interested in valued personal information, shouldn't anything increasing the chance of a vulnerability be removed?

Am I missing something? Am I being paranoid? Will 76.3% of the accounts be hacked after this post?

Thanks in advance!!

BTW if you want to try it out, a dummy account:

user: [email protected]
(old) password: hunter2

Is it safe to display information about old passwords on login failure?

When I changed my Facebook password yesterday, by mistake I entered the old one and got this:

Screen capture of facebook login

Am I missing something here, or is this a big potential risk for users?

In my opinion this is a problem BECAUSE it is Facebook and is used by, well, everyone and the latest statistics show that 76.3% of the users are idiots [source:me], that is more than 3/4!!

All kidding aside:

  • Isn't this useful information for an attacker?
  • It reveals private information about the user!
  • It could help the attacker gain access to another site in which the user used the same password
  • Granted, you shouldn't use the same password twice (but remember: 76.3%!!!)
  • Doesn't this simply increase the surface area for attackers?
  • It increases the chances of getting useful information at least.
  • In a site like Facebook, 1st choice for hackers and (bad) people interested in valued personal information, shouldn't anything increasing the chance of a vulnerability be removed?

Am I missing something? Am I being paranoid? Will 76.3% of the accounts be hacked after this post?

Trufa

Facebook - Isn't this a big vulnerability risk for users? (After Password Change)

I would like to know your opinions as programmers / developers.

When I changed my Facebook password yesterday, by mistake I entered the old one and got this:

enter image description here

Am I missing something here, or is this a big potential risk for users?

In my opinion this is a problem BECAUSE it is Facebook and is used by, well, everyone and the latest statistics show that 76.3% of the users are idiots [source:me], that is more than 3/4!!

All kidding aside:

  • Isn't this useful information for an attacker?
  • It reveals private information about the user!
  • It could help the attacker gain access to another site in which the user used the same password
  • Granted, you shouldn't use the same password twice (but remember: 76.3%!!!)
  • Doesn't this simply increase the surface area for attackers?
  • It increases the chances of getting useful information at least.
  • In a site like Facebook, 1st choice for hackers and (bad) people interested in valued personal information, shouldn't anything increasing the chance of a vulnerability be removed?

Am I missing something? Am I being paranoid? Will 76.3% of the accounts be hacked after this post?

Thanks in advance!!

BTW if you want to try it out, a dummy account:

user: [email protected]
(old) password: hunter2