After clicking the email verification link, some fresh Facebook users were asked for their private email password – a cybersecurity no-no that should cause even the most naïve internet user to recoil in horror. It’s unclear when this innovation in intrusiveness was introduced, or how long it lasted as a feature, but its existence was confirmed by the Daily Beast after it was exposed by Twitter.

Facebook sheepishly admitted they were indeed demanding passwords, but protested users could “bypass” the password-request screen by clicking the “need help?” link and triggering a multistep process that would eventually allow them to confirm using “more conventional” means, such as a DNA sample – er, a phone code. They also said they were very, very sorry and would stop asking for email passwords in the future.

While Facebook promised it doesn’t store users’ email passwords, a privacy promise from Facebook isn’t worth the pixels it’s printed with, as even CEO Mark Zuckerberg admitted last month when he piously announced the company would finally focus on protecting users’ data, “because frankly we don’t currently have a strong reputation for building privacy protective services.”