Daily Mirror
Technology
Sophie Curtis

Facebook under fire for casually asking users to hand over their email passwords

Facebook has come under fire from cyber security experts for casually asking some users to hand over the passwords to their email accounts.

The issue was first flagged on Twitter by well-known but anonymous security pundit e-sushi, who posted a screenshot of the Facebook request on Monday.

"To continue using Facebook, you'll need to confirm your email address," the social network states, going on to prompt users to enter their email password.

e-sushi called Facebook out on the practice, claiming that asking users to hand over their secret passwords is "a HORRIBLE idea" from an information security point of view.

"By going down that road, you're practically fishing for passwords you are not supposed to know!" he said.

The report was followed up by American news website The Daily Beast, which tested the claim by setting up a new Facebook account using a disposable webmail address and connecting through a VPN.

They were taken to the same screen demanding the email password.

Security consultant Jake Williams described the practice as "beyond sketchy", adding that Facebook should not be taking users' passwords or handling them in the background.

"If that’s what’s required to sign up with Facebook, you’re better off not being on Facebook," he told The Daily Beast.

Responding to the story, Facebook said the prompt was only seen by "a very small group of people", and insisted that it does not store the email passwords.

It added that users have the option to bypass the password demand and activate their account through more conventional means - such as "a code sent to their phone or a link sent to their email".

Those options are presented to users who click on the words "Need help?" in the bottom left-hand corner of the page.

However, it also confirmed that it will stop asking users for this information.

"We understand the password verification option isn’t the best way to go about this, so we are going to stop offering it," Facebook said in a statement.

Commenting on the news, Electronic Frontier Foundation security researcher Bennett Cyphers said the practice was "bad on so many levels".

"It's an absurd overreach by Facebook and a sleazy attempt to trick people to upload data about their contacts to Facebook as the price of signing up," Cyphers told Business Insider.

"No company should ever be asking people for credentials like this, and you shouldn't trust anyone that does."
