I would like to know you opinions as programmers / developers.
When I changed my Facebook password yesterday, by mistake I entered the old one and got this:
Am I missing something here or this is a big potencial risk for users.
In my opinion this is a problem BECAUSE it is FaceBook and is used by, well, everyone and the latest statistics show that 76.3% of the users are idiots [source:me], that is more that 3/4!!
All kidding aside:
Isn't this useful information for an attacker?
It reveals private information about the user!
It could help the attacker gain access to another site in which the user used the same password
Granted, you should't use use the same password twice (but remember: 76.3%!!!)
Doesn't this simply increase the surface area for attackers?
It increases the chances of getting useful information at least.
In a site like Facebook 1st choice for hackers and (bad) people interested in valued personal information shouldn't anything increasing the chance of a vulnerability be removed?
Am I missing something? Am I being paranoid? Will 76.3% of the accounts will be hacked after this post?
Thanks in advance!!
BTW if you want to try it out, a dummy account:
user:
[email protected]
(old) password: hunter2
