BREAKING NEWS

‘Unintentionally uploaded’ email contacts of 1.5M users without consent: FB


Facebook said it “unintentionally uploaded” the email contacts of 1.5 million new users since May 2016, according to a report in Business Insider on Wednesday. The social media company harvested email contacts of the users allegedly without their consent when they opened their accounts. 

The company said it is now deleting them. Facebook will also notify the affected users and it is not clear if these contacts were also used for ad-targeting purposes. However, Facebook said it did not access the contacts of users’ emails.

The matter came to light after a security researcher noticed that Facebook was asking some users to enter their email passwords when they signed up for new accounts, to verify their identities. Once the email password was entered, a message popped up saying it was importing the contacts, without seeking permission.

Before May 2016, Facebook offered an option to verify a user’s account and voluntarily upload their contacts at the same time.
“Last month we stopped offering email password verification as an option for people verifying their account when signing up for Facebook for the first time,” the company said in a statement. 

“We’ve fixed the underlying issue and are notifying users whose contacts were imported. The users can also review and manage the contacts they share with Facebook in their settings.” In the recent months, Facebook was hit by multiple security breaches.

In March, Facebook acknowledged that hundreds of millions of user passwords were stored in a readable format in its internal data storage system and that the glitch has now been fixed. 
The company said the passwords were not visible to anyone outside the company and claimed it did not find any evidence of access being abused. 

In September, Facebook said it had discovered a security breach that has affected about 50 million users. Last year, it was also embroiled in the Cambridge Analytical data breach scandal.

Photo Gallery