Facebook uploaded 1.5 million users’ email contacts without their consent

Facebook uploaded 1.5 million users’ email contacts without their consent

Facebook harvested the email contacts of more than 1.5 million new users who joined the site since 2016, without their consent.

The social network has said it “unintentionally uploaded” the email contacts after asking some users to email passwords when signing up to the site as a way of verifying their identity – a practice widely criticised by security experts.

According to a report by Business Insider, those who did enter their password then saw a pop-up message telling them their contacts were being imported to Facebook, without asking for permission to do so first.

The incident is the latest in a growing list of data privacy breaches to hit the social network.

We've fixed the underlying issue and are notifying people whose contacts were imported

Facebook said the flaw had been caused by a feature which had enabled users to confirm their account and import their email contacts at the same time; however, a redesign in 2016 had removed some of the language which explained this but was still uploading contacts in some cases.

“Earlier this month we stopped offering email password verification as an option for people verifying their account when signing up for Facebook for the first time,” a spokeswoman said.

“When we looked into the steps people were going through to verify their accounts we found that in some cases people’s email contacts were also unintentionally uploaded to Facebook when they created their account.

“We estimate that up to 1.5 million people’s email contacts may have been uploaded. These contacts were not shared with anyone and we’re deleting them.

“We’ve fixed the underlying issue and are notifying people whose contacts were imported. People can also review and manage the contacts they share with Facebook in their settings.”

For all intents and purposes, this is a phishing attack

Facebook’s acknowledgement of the issue comes after concerns were raised by security researchers earlier this month.

Security expert Bennett Cyphers, from the Electronic Frontier Foundation, said “for all intents and purposes, this is a phishing attack” and labelled the process “downright irresponsible”.

- Press Association

More on this topic

New fines and break-ups suggested to tackle tech giants’ advertising dominanceNew fines and break-ups suggested to tackle tech giants’ advertising dominance

Facebook launch ad campaign to help users spot fake newsFacebook launch ad campaign to help users spot fake news

Facebook will tell users if they are about to share an old news articleFacebook will tell users if they are about to share an old news article

Ben & Jerry’s latest company to pull advertising from Facebook over racismBen & Jerry’s latest company to pull advertising from Facebook over racism


More in this Section

Florida reports record coronavirus cases as US holiday weekend causes concernFlorida reports record coronavirus cases as US holiday weekend causes concern

Boris Johnson’s father defends visit to Greece during lockdownBoris Johnson’s father defends visit to Greece during lockdown

Two women critically injured after car drives through crowd of protesters in SeattleTwo women critically injured after car drives through crowd of protesters in Seattle

Much of US scales back on Independence Day events as Trump plans big celebrationMuch of US scales back on Independence Day events as Trump plans big celebration


Lifestyle

All eyes are on America for Independence Day - so what happens when the country's borders reopen again? Tom Breathnach gets the lowdownAltered States: What will tourism in the US look like after lockdown?

From days by the seaside to adrenaline-filled days riding rollercoasters, Leinster offers staycationers major bang for their buck.Staycations 2020: Leinster, where Eastern promises are delivered in full

Des O'Sullivan previews the diverse items that will spark interest among collectorsAntiques: From a sword to crystal chandeliers and a dictionary

Kya deLongchamps strikes up the band for some lesser copied American mid-century talentIt's July 4 so let's strike up the band for American designs

More From The Irish Examiner