Credit: The Hacker News
Not a week goes without a new Facebook blunder.
Remember the most recent revelation of Facebook being caught asking users new to the social network platform for their email account passwords to verify their identity?
At the time, it was suspected that Facebook might be using access to users’ email accounts to unauthorizedly and secretly gather a copy of their saved contacts.
Now it turns out that the collection of email contacts was true, Facebook finally admits.
In a statement released on Wednesday, Facebook said the social media company “unintentionally” uploaded email contacts from up to 1.5 million new users on its servers, without their consent or knowledge, since May 2016.
In other words, nearly 1.5 million users had shared passwords for their email accounts with Facebook as part of its dubious verification process.
A Facebook spokesperson shared information with Business Insider that the company was using harvested data to “build Facebook’s web of social connections and recommend friends to add.”
The social media giant said the company had stopped this email verification process a month ago and has assured its users that it has not shared those contacts with anyone and that it has already started deleting them.
“Last month we stopped offering email password verification as an option for people verifying their account when signing up for Facebook for the first time,” Facebook says.
“We estimate that up to 1.5 million people’s email contacts may have been uploaded. These contacts were not shared with anyone and we’re deleting them. We’ve fixed the underlying issue and are notifying people whose contacts were imported. People can also review and manage the contacts they share with Facebook in their settings.”
This recently reported incident is the latest in a long list of privacy-related issues and controversies the tech giant is dealing with.
Just last month, Facebook was caught storing passwords of hundreds of millions of users in plaintext within its internal servers, which were accessible to some of its employees.
In October last year, Facebook also announced its worst-ever security breach that allowed hackers to successfully steal secret access tokens and access personal information from 29 million Facebook accounts.
The recent revelation once again underlines the failure of Facebook to protect its users’ information while generating billions of dollars in revenue from the same information.