Facebook "unintentionally" uploaded 1.5m user email contacts
Latest gaff from the social network is a glitch that began in May 2016
Facebook has said it "unintentionally" uploaded the email contacts of more than 1.5 million users on to its social network thereby breaching people's privacy.
This latest data harvesting gaff happened via a system used to verify the identity of new members. In 2016, Facebook asked new users to supply the password for their email account, and took a copy of their contacts.
All this was done automatically when an email and password was submitted, with a message informing users that their contacts were being imported without them having prior knowledge or having given consent. The social network said it has now changed the way it handles new users to stop contacts being uploaded.
"We estimate that up to 1.5 million people's email contacts may have been uploaded. These contacts were not shared with anyone and we are deleting them," Facebook told Reuters, adding that users whose contacts were imported will be notified.
This is the latest privacy issue to come out of Facebook, with the company seemingly going from one problem to the next for the last two years. Most recently the company admitted to storing user passwords in plain text, sans any encryption.
On this occasion, the information grabbed is believed to have been used by Facebook to help map social and personal connections between users. The contacts started being taken without consent in May 2016, according to Business Insider. Before that, new users were asked if they wanted to verify their identity via their email accounts.
Users were also asked if they wanted to upload their address book, voluntarily. This option and the text specifying that contacts were being grabbed was changed in May 2016, but the underlying code that scrapped these contacts was left intact, according to Facebook.
The company is currently under unrelenting scrutiny from regulators around the globe for its data policies and attitudes to user privacy, but it's also coming under fire for internal cockups and the way it's managing them.
Tracing a line back to the Cambridge Analytica scandal, the company has had as many outages and data breaches as it has regulator action from organisations such as the ICO or the Irish Data regulator and even the American FCC.
BIOS security: The next frontier for endpoint protection
Today’s threats upend traditional security measuresDownload now
The role of modern storage in a multi-cloud future
Research exploring the impact of modern storage in defining cloud successDownload now
Enterprise data protection: A four-step plan
An interactive buyers’ guide and checklistDownload now
The total economic impact of Adobe Sign
Cost savings and business benefits enabled by Adobe SignDownload now