Facebook has been giving me some serious security problems lately! And IT’S NOT EVEN MY FACEBOOK ACCOUNT!!!!
Someone has used one of my email addresses as an alternate in their Facebook account.
Facebook actually allowed them to do that!
Because of whatever Facebook did and/or didn’t do in their systems, I could actually login to the culprit’s facebook account via my Yahoo account!
But now the other Facebook user has once again changed my email’s password, and I can’t login to my Yahoo email again!
Nor can I contact Facebook to get them to correct it!
I have a number of email addresses that I’ve used over the years. A few I got in 1998 or earlier and I use them occassionally. One is a Hotmail account. The other is a Yahoo account.
This Yahoo account is important. It’s the same account that I’ve used for booking some airline flights.
The other day I went to login to this Yahoo account. But I could not. I knew that my password was correct. I was able to change the password online with Yahoo’s tools and security.
When I logged in, I saw a whole bunch of emails from Facebook. For a Rodger V.
Now, for some reason, when I was in my Yahoo account, I was actually able to login to Rodger V’s Facebook account!!!! Just like that!!!! Great security huh!
Now I’m not a malicious kind of guy. But I did want an end to this nonsense. So, I went into his Facebook preferences, and tried to remove MY email address from his alternate email. And set his email, as the main and only email.
But no matter what I did, MY Yahoo email address remained in his preferences.
So I then tried on different systems; Redhat Linux, and on Windows, using different browsers. But my email address just wouldn’t leave this guy’s account.
The next day, I found that I could not login to Yahoo account again. According to my Hotmail account that is associated with the Yahoo account, the password was changed again. Obviously, Rodger V logged in, and changed my Yahoo password, via Facebook!!!
Just what is going on here!!!??
Don’t you think that if you were to put an alternate email in your profile, that you would have to login to that account directly, with that account’s password, and confirm it??? Obviously, that isn’t being done.
I can’t think of any other place, where this is not the case. If you put an add on Craigslist, using an email address, you have to go to that account, using the proper password, and confirm the ad. It’s simple and effective for security. Others then can’t put up ads in your name and do damage or abuse.
And why can someone login to Facebook, from a Yahoo account that is not confirmed yet? Who thought of that stupidity???? Or perhaps there was no thought put into any of the consequences of what they were doing. (See so many articles I’ve written all over my blog on these issues: analysis, design, architecture, error trapping, and so on, that touch on these subjects.)
And, why can’t this email address be simply and effectively removed from the preferences???? In retrospect, I suspect that perhaps Rodger V also could not remove my email address from his preferences.
Adding or removing an alternate email address, is something that I’ve seen on other websites. It’s not a difficult concept. So why is it sooooo difficult for Facebook?
And why can the Facebook user, then change my Yahoo account’s password??? Why is Yahoo allowing the password to be changed via Facebook???
What’s wrong with standard practice?? That is, when you want to go to Facebook, you login to Facebook. Not go to Yahoo, to get to your Facebook.
Now, if all this is not bad enough, I’ve been trying to contact Facebook to deal with the issue. I went to report a bug. This clearly needs to be addressed by an engineer. Not the usual first line “customer support” people, who can barely read or understand what you have written and what the issue actually is.
But after a number of minutes and many mouse clicks, looking through Login Bugs, I could not report a bug. It was the usual “figure it out yourself” crap. Lots of FAQ. But no obvious way to report a bug.
Really, when I want to report a bug, I want to report a bug. Now. It’s really quite simple. How can Facebook make something so simple, soooo complex?
What really makes me angry is that none of this is any fault of my own. And perhaps, it is also just a simple mistake of Rodger V., and he is frustrated too.
But it affects me. I’ve spent a few hours now trying to “figure it out yourself” and solve it. But still no resolution. So now, I’m spending more time bringing the issue to light.
Don’t you think we should be allowed to sue Facebook and other websites for wasted time like this? I mean really quickly and effectively, not getting dragged out in the courts, and requiring expensive lawyers.
Do you think that if companies were actually liable, with real and actual dollar costs, that they would put more thought and bulletproofing into their websites if that was the case??? I’ll bet they would.
Right now, I see little or no consequence to these corporations having websites that screw up, waste the user’s time, waste the public’s time, compromise their security, or even cost them actual out of pocket expenses. Hey, it doesn’t cost the corporation anything. So they are not motivated to do anything.
But this issue, and others, are certainly costing ME time and energy. I sure hope it doesn’t move into identity theft or other aspects with real dollar costs.
Does anyone know how to contact Facebook so they can get with the program? That is, in one URL mouse click? Or email address? If anybody knows any technical people at Facebook, please forward this post to them.
Facebook engineers, if you are reading this, please respond WITH A PROPER EMAIL ADDRESS AND PHONE NUMBER so that I can send you the details of my compromised Yahoo account and the offending culprit, Rodger V.
Thanks a lot!