The world's biggest social network is finding itself back in hot water after yet another controversy involving user privacy, and this time, experts say Facebook should have known better.

It all started when the company implemented a new double-verification authentication system for some new users or older users changing their default email address. Instead of starting with a fresh login and password, those users were given the option of entering their email password along with their email address - raising big red flags for privacy advocates.

Facebook says it was all part of a larger effort to save time on verification, but the move was met with immediate outcry online. A number of security experts weighed in, pointing out the golden rule of protecting your privacy: never give one platform your password for another. Another problem, noted by privacy watchdog group the Electronic Frontier Foundation, is that the move by Facebook looks far too much like a phishing attack, in which a hacker sends you a link to a very real-looking page to get you to enter your personal information so it can be stolen.

Facebook is now playing defense, claiming the option was only offered to a small group of users and was done in order to help fight phony accounts. In a statement to Fox News, the social media giant said "people can always choose instead to confirm their account with a code sent to their phone or a link sent to their email. That said, we understand the password verification option isn't the best way to go about this, so we are going to stop offering it."

It's not clear what this new incident will mean for Facebook moving forward, but the controversy comes less than a month after founder Mark Zuckerberg unveiled his new vision for a "privacy-focused" Facebook - where problems like this would be eliminated.