X

Facebook 'unintentionally uploaded' email contacts from 1.5M users

Contacts harvested during new account signups for nearly three years.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
2 min read
US-internet-lifestyle-computers-media

Facebook harvested the email contacts of about 1.5 million users when they signed up to the service.

Josh Edelson/AFP/Getty Images

Facebook "unintentionally" harvested the email contacts of about 1.5 million of its users during the past three years.

The activity came to light when a security researcher noticed that Facebook was asking users to enter their email passwords to verify their identities when signing up for an account, according to Business Insider, which previously reported on the practice. Those who did enter their passwords then saw a pop-up message that said it was "importing" their contacts -- without first asking permission, BI reported.

A Facebook spokesperson confirmed that 1.5 million people's contacts were collected in this manner since May 2016 to help build Facebook's web of social connections and recommend other users to add as friends.

"Last month we stopped offering email password verification as an option for people verifying their account when signing up for Facebook for the first time," a Facebook spokesperson said. "When we looked into the steps people were going through to verify their accounts we found that in some cases people's email contacts were also unintentionally uploaded to Facebook when they created their account.

"We've fixed the underlying issue and are notifying people whose contacts were imported," Facebook said, adding that the contacts weren't shared with anyone and are being deleted. It also pointed out that users can review and manage the contacts they share with Facebook in their settings.

As the world's largest social network, Facebook controls data on more than 2 billion people, and who has access to it. The company's data handling practices were called into question in the wake of the Cambridge Analytica scandal, during which the  personal information on up to 87 million Facebook users was improperly accessed.

The great Facebook exodus

See all photos