When some people signed up on Facebook, instead of getting a verification email or a code sent to their phones, they would get a prompt to enter their personal email's password to verify their new accounts -- essentially giving login credentials to the social network. The news was first reported by the Daily Beast.
A Facebook spokesperson said that the passwords are not stored by the social network and that the verification method was only available to a "very small group of people." Facebook did not clarify how many people were shown this prompt. The feature was originally designed for people signing up on a web browser and using email providers that don't support OAuth, an open-source protocol that acts as a key for logins.
"That said, we understand the password verification option isn't the best way to go about this, so we are going to stop offering it," Facebook said in an emailed statement on Tuesday.
In March, Facebook's CEO announced that the social network would be shifting to a privacy-focused platform, with security as a major talking point. Since then, however, Facebook has been at the center of multiple privacy and security lapses.
The email password incident, for instance, follows the revelation last month that Facebook stored hundreds of millions of passwords in plain text on its internal servers, meaning they were open for staffers to see. In both cases, there was concern that the social network could see the login credentials. Facebook said it has never seen the passwords used for verification, although the feature had been available for several years.