Some facts about this screen that may to seem obvious at first glance:
- It's a mandatory part of the sign up process
- It promises a free virtual teddy bear!
- It requires you to fill in the credential of a real email account.
- It validates the credentials, and throws an error if you give it fake information
- The page has (at least) a XSS vulnerability: Enter "+alert(1)+" in the email box (with quotes) and see what happens.
- In case a connection is successfully made, the application will sift through your inbox for email addresses of your friends and send them personal invites in your name.