Oh dear, oh dear. Facebook admits uploading email contact data on 1.5 million people without consent
Facebook is facing yet another privacy breach after it admitted that it had “unintentionally uploaded” email contacts of 1.5 million new users since May 2016.
The admission that the social networking giant had harvested the email contacts of 1.5 million users without their knowledge or consent when they opened their accounts, is sure to draw the attention of data protection watchdogs around the world.
It comes after an unidentified security researcher noticed that Facebook was asking some users to enter their email passwords when they signed up for new accounts to verify their identities.
The issue was first reported by Business Insider, and it reported that Facebook had “unintentionally uploaded to Facebook,” the email contact data of 1.5 million people.
Once the security researcher noticed the practice, Business Insider then discovered that if you did enter your email password, a message popped up saying it was “importing” your contacts, without asking for permission first.
This glitch allowed Facebook to fed the data into its internal systems to help the social network compile a social connections for users and to recommend friends to add.
It is reported that it is unclear at this stage whether these contacts were also used for ad-targeting purposes.
Business Insider did manage to get a statement from Facebook on the matter.
“Last month we stopped offering email password verification as an option for people verifying their account when signing up for Facebook for the first time,” said the firm.
“When we looked into the steps people were going through to verify their accounts we found that in some cases people’s email contacts were also unintentionally uploaded to Facebook when they created their account,” said the social network.
“We estimate that up to 1.5 million people’s email contacts may have been uploaded,” it added. “These contacts were not shared with anyone and we’re deleting them. We’ve fixed the underlying issue and are notifying people whose contacts were imported. People can also review and manage the contacts they share with Facebook in their settings.”
One security expert pointed out that Facebook users need to be more aware of their data privacy and settings.
“After years plagued by headline-grabbing scandals, Facebook’s saga of data scandal and controversy continued this week… – further highlighting the need for users to become more aware of their data privacy, as these once inherently trusted platforms continue to face scrutiny for their misuse of personal data,” said Dr Darren Williams, CEO and Founder of BlackFog.
“Despite scandals and data issues, the number of social media users worldwide continues to grow each year and the reality is that most of us will continue to use these platforms regardless of the risks and potential threats they present,” Dr Williams added.
“That’s why the focus must be on mitigating the risks and reducing vulnerability while using these platforms,” he said. “Adopting a preventative multi-layered approach to security, focused on preventing data loss, data profiling and data collection is essential. This ensures maximum protection against today’s sophisticated cyber threats, giving users confidence that their data is secure, and their privacy is intact.”
This is unfortunately not the first time that Facebook has been at the centre of a privacy row, the most famous of which was the Cambridge Analytica scandal in 2018.
But there have been others as well.
Last week for example, Facebook reacted quickly to the discovery of public databases containing data on 540 million of its users on an Amazon cloud server.
And then last month Facebook admitted that “hundreds of millions” of passwords were stored on its internal server in plaintext, unprotected by any form of encryption whatsoever.