During the past 3 years, email contacts of 1.5 users have been harvested by Facebook without the users’ consent during signup. This came into limelight when a security researcher noticed that Facebook was asking the new users to enter the passwords of their email during signup to verify their identities, and those new users who didn’t enter their passwords got a pop-up message that Facebook was importing their contacts without even asking for the user’s permission.
This helped Facebook to build Facebook’s web of social connection and recommend other users to add as friends, Facebook has been doing this since May 2016 and it was unintentionally uploaded and they are now deleting the data, confirmed by A Facebook spokesperson.
Here’s the full statement of Facebook’s Spokesperson:
“Last month we stopped offering email password verification as an option for people verifying their account when signing up for Facebook for the first time. When we looked into the steps people were going through to verify their accounts we found that in some cases people’s email contacts were also unintentionally uploaded to Facebook when they created their account. We estimate that up to 1.5 million people’s email contacts may have been uploaded. These contacts were not shared with anyone and we’re deleting them. We’ve fixed the underlying issue and are notifying people whose contacts were imported. People can also review and manage the contacts they share with Facebook in their settings.”
This is once again a privacy misstep by facebook which is getting into data breaches scandal from the last two years, though this is still a small data breach than Cambridge Analytica during which personal data of more than 87 million users was leaked.