Facebook "unintentionally" uploaded 1.5m user email contacts
Latest gaff from the social network is a glitch that began in May 2016
Facebook has said it "unintentionally" uploaded the email contacts of more than 1.5 million users on to its social network thereby breaching people's privacy.
This latest data harvesting gaff happened via a system used to verify the identity of new members. In 2016, Facebook asked new users to supply the password for their email account, and took a copy of their contacts.
All this was done automatically when an email and password was submitted, with a message informing users that their contacts were being imported without them having prior knowledge or having given consent. The social network said it has now changed the way it handles new users to stop contacts being uploaded.
"We estimate that up to 1.5 million people's email contacts may have been uploaded. These contacts were not shared with anyone and we are deleting them," Facebook told Reuters, adding that users whose contacts were imported will be notified.
This is the latest privacy issue to come out of Facebook, with the company seemingly going from one problem to the next for the last two years. Most recently the company admitted to storing user passwords in plain text, sans any encryption.
On this occasion, the information grabbed is believed to have been used by Facebook to help map social and personal connections between users. The contacts started being taken without consent in May 2016, according to Business Insider. Before that, new users were asked if they wanted to verify their identity via their email accounts.
Users were also asked if they wanted to upload their address book, voluntarily. This option and the text specifying that contacts were being grabbed was changed in May 2016, but the underlying code that scrapped these contacts was left intact, according to Facebook.
The company is currently under unrelenting scrutiny from regulators around the globe for its data policies and attitudes to user privacy, but it's also coming under fire for internal cockups and the way it's managing them.
Tracing a line back to the Cambridge Analytica scandal, the company has had as many outages and data breaches as it has regulator action from organisations such as the ICO or the Irish Data regulator and even the American FCC.
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Evaluate your order-to-cash process
15 recommended metrics to benchmark your O2C operationsDownload now
AI 360: Hold, fold, or double down?
How AI can benefit your businessDownload now
Getting started with Azure Red Hat OpenShift
A developer’s guide to improving application building and deployment capabilitiesDownload now