Facebook "unintentionally" uploaded 1.5m user email contacts

Latest gaff from the social network is a glitch that began in May 2016

Facebook login page

Facebook has said it "unintentionally" uploaded the email contacts of more than 1.5 million users on to its social network thereby breaching people's privacy. 

This latest data harvesting gaff happened via a system used to verify the identity of new members. In 2016, Facebook asked new users to supply the password for their email account, and took a copy of their contacts.

All this was done automatically when an email and password was submitted, with a message informing users that their contacts were being imported without them having prior knowledge or having given consent. The social network said it has now changed the way it handles new users to stop contacts being uploaded.

"We estimate that up to 1.5 million people's email contacts may have been uploaded. These contacts were not shared with anyone and we are deleting them," Facebook told Reuters, adding that users whose contacts were imported will be notified.

This is the latest privacy issue to come out of Facebook, with the company seemingly going from one problem to the next for the last two years. Most recently the company admitted to storing user passwords in plain text, sans any encryption.

On this occasion, the information grabbed is believed to have been used by Facebook to help map social and personal connections between users. The contacts started being taken without consent in May 2016, according to Business Insider. Before that, new users were asked if they wanted to verify their identity via their email accounts.

Users were also asked if they wanted to upload their address book, voluntarily. This option and the text specifying that contacts were being grabbed was changed in May 2016, but the underlying code that scrapped these contacts was left intact, according to Facebook.

The company is currently under unrelenting scrutiny from regulators around the globe for its data policies and attitudes to user privacy, but it's also coming under fire for internal cockups and the way it's managing them.

Tracing a line back to the Cambridge Analytica scandal, the company has had as many outages and data breaches as it has regulator action from organisations such as the ICO or the Irish Data regulator and even the American FCC.

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

Russia launched over a million cyber attacks in three months
hacking

Russia launched over a million cyber attacks in three months

13 Apr 2021
New DNS vulnerabilities put millions of IoT devices at risk of hacking
Internet of Things (IoT)

New DNS vulnerabilities put millions of IoT devices at risk of hacking

13 Apr 2021
Cloud storage: How secure are Dropbox, OneDrive, Google Drive, and iCloud?
cloud security

Cloud storage: How secure are Dropbox, OneDrive, Google Drive, and iCloud?

13 Apr 2021
5G will accelerate cyber crime, predicts former White House CIO
5G

5G will accelerate cyber crime, predicts former White House CIO

13 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021