Facebook confessed another data breach; says it “unintentionally uploaded” 1.5 million email contacts without consent

3 min read

Facebook has been in the radar since quite some time now, with each month showing some major blunder by the company with respect to its privacy concerns. Last month Facebook opened up about exposing millions of user passwords in a plain text. Recently, one of the Facebook shareholders stood by a proposal to depose Mark Zuckerberg from its position as the board chairperson. And last evening, Facebook broke the news that it may have “unintentionally uploaded” the email contacts of 1.5 million new users on its site since May 2016, without their consent.

What exactly happened at Facebook

This news comes out when a security researcher highlighted that Facebook was asking some users to enter their email passwords when they signed up for new accounts for verifying their identities, in a move widely condemned by security experts. And it seems that the list of affected users is not just limited to the United States.

In a statement to CNBC, a Facebook spokesperson said, “We’ve fixed the underlying issue and are notifying people whose contacts were imported. People can also review and manage contacts they share with Facebook in their settings.”

According to a report by Business Insider when a user entered his/her email password, a message popped up which read, “it was “importing” your contacts, without asking for permission first.”

The official statement from Facebook reads, “Last month we stopped offering email password verification as an option for people verifying their account when signing up for Facebook for the first time. When we looked into the steps people were going through to verify their accounts we found that in some cases people’s email contacts were also unintentionally uploaded to Facebook when they created their account. We estimate that up to 1.5 million people’s email contacts may have been uploaded. These contacts were not shared with anyone and we’re deleting them. We’ve fixed the underlying issue and are notifying people whose contacts were imported. People can also review and manage the contacts they share with Facebook in their settings.”

Facebook’s justification

According to Facebook, the platform used to have a step in the account verification process where few users had the option to confirm their email address and then voluntarily import their email contacts onto Facebook. The idea behind the feature was to help users find their friends easily and also improve ads.

When this process got redesigned in May 2016, the text that explained the step was removed but the feature remained intact. So, the email contacts were still being uploaded to the site without users being aware of the fact.

With the company confessing such data breach acts repeatedly and stricter legislations coming into place, Facebook might face huge consequences for it in the near future.

Read Next

Facebook shareholders back a proposal to oust Mark Zuckerberg as the board’s chairperson

Facebook AI introduces Aroma, a new code recommendation tool for developers

Facebook AI open-sources PyTorch-BigGraph for faster embeddings in large graphs