Facebook ‘unintentionally uploaded’ E-Mail contacts of 1.5 million users

The social media giant did so without user consent, but says it is now deleting such data.

Since May 2016, 1.5 million users have had their E-Mail contacts harvested by Facebook upon sign-up, without being asked for consent.

Security researcher ‘e-sushi’ found that Facebook was requesting the passwords to some users’ E-Mail accounts to verify their identities, Business Insider first reported.

When entered, users were informed that their contacts were being imported by Facebook, without prior warning.

A Facebook spokesperson said before May 2016, it offered an option to verify a user’s account using their email password and voluntarily upload their contacts at the same time. However, they said, the company changed the feature, and the text informing users that their contacts would be uploaded was deleted – but the underlying functionality was not.


Facebook has since stated that they did not access such data and all affected users are being notified.

It is worth noting that although only 1.5 million users were affected, each account may have had upwards of 10 contacts, if not significantly more, whose contact information was collected by Facebook – meaning the total number of people affected may be tens or hundreds of millions.

This is just another privacy blunder to add to Facebook’s list it seems, as it was revealed just last month that hundreds of millions of users’ passwords were stored unencrypted, with full employee access, for years.

If you want to know how to better secure your privacy online, as well as a fully secure and private messaging service I highly recommend, check out my recent blog post below:

How Useful Was This Post?

Let Us Know How We Are Doing - Click A Star To Rate This Post

Average Vote Rating 0 / 5. Vote Count : 0

No Votes So Far! Be The First To Rate This Post