

Potential Facebook Security Flaw - screenreach
http://blog.screenreach.com/facebook-security-potential-flaw/

======
mike-cardwell
I don't consider this a Facebook security flaw. The person with the Facebook
account added your email address to their profile.

It's tantamount to them giving you a copy of their house key, you using it to
get into the house, and then stating that there is a security flaw in the
door.

~~~
what
What happens if someone gets access to your email though? For example, a silly
person might forget to logout of their email when using a public computer. If
I notice this, I can just hijack their Facebook account.

~~~
mike-cardwell
You're kidding right? If you get access to somebody's email account then all
bets are off. You could take over somebody's HackerNews account exactly the
same way. You could take over accounts on _most_ websites this way...

------
jdee
Pretty shocking. What sites don't verify emails in 2020?

~~~
kgermino
Umm 2020?

Interesting story though, and one more thing that would make me concerned
about having a FB account.

------
dzlobin
I raised the same question as the the first commenter on this post a few
months ago: <http://news.ycombinator.com/item?id=1341852>

