Facebook "unintentionally" uploaded 1.5m user email contacts

Latest gaff from the social network is a glitch that began in May 2016

Facebook login page

Facebook has said it "unintentionally" uploaded the email contacts of more than 1.5 million users on to its social network thereby breaching people's privacy. 

This latest data harvesting gaff happened via a system used to verify the identity of new members. In 2016, Facebook asked new users to supply the password for their email account, and took a copy of their contacts.

All this was done automatically when an email and password was submitted, with a message informing users that their contacts were being imported without them having prior knowledge or having given consent. The social network said it has now changed the way it handles new users to stop contacts being uploaded.

"We estimate that up to 1.5 million people's email contacts may have been uploaded. These contacts were not shared with anyone and we are deleting them," Facebook told Reuters, adding that users whose contacts were imported will be notified.

This is the latest privacy issue to come out of Facebook, with the company seemingly going from one problem to the next for the last two years. Most recently the company admitted to storing user passwords in plain text, sans any encryption.

On this occasion, the information grabbed is believed to have been used by Facebook to help map social and personal connections between users. The contacts started being taken without consent in May 2016, according to Business Insider. Before that, new users were asked if they wanted to verify their identity via their email accounts.

Users were also asked if they wanted to upload their address book, voluntarily. This option and the text specifying that contacts were being grabbed was changed in May 2016, but the underlying code that scrapped these contacts was left intact, according to Facebook.

The company is currently under unrelenting scrutiny from regulators around the globe for its data policies and attitudes to user privacy, but it's also coming under fire for internal cockups and the way it's managing them.

Tracing a line back to the Cambridge Analytica scandal, the company has had as many outages and data breaches as it has regulator action from organisations such as the ICO or the Irish Data regulator and even the American FCC.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

Biden nominees highlight tough cyber security challenges
cyber security

Biden nominees highlight tough cyber security challenges

20 Jan 2021
Report: Security staff excluded from app development
cyber security

Report: Security staff excluded from app development

20 Jan 2021
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

20 Jan 2021
SolarWinds hackers hit Malwarebytes through Microsoft exploit
hacking

SolarWinds hackers hit Malwarebytes through Microsoft exploit

20 Jan 2021

Most Popular

Citrix buys Slack competitor Wrike in record $2.25bn deal
collaboration

Citrix buys Slack competitor Wrike in record $2.25bn deal

19 Jan 2021
IT retailer faces €10.4m GDPR fine for employee surveillance
General Data Protection Regulation (GDPR)

IT retailer faces €10.4m GDPR fine for employee surveillance

18 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021