Social network Path this week celebrated reaching the 10 million user mark, but the milestone was quickly overshadowed by complaints of address book misuse.
Yorkshire-based digital marketer Stephen Kenwright downloaded the app, which allows the sharing of photos and messages within a network of close family and friends. He tested it out and then uninstalled it, having decided "it wasn't for me."
But when he woke up one morning, he found that Path had, overnight, texted and called a number of his contacts, including his father and grandparents, who received landline-based notifications about photos he wanted to share with them.
Within the next couple of hours, Kenwright was questioned by family, friends, and co-workers, all of whom had received a phone call and text message about sharing photos. (He, in fact, did not have any pictures to share with anyone.)
"Having uninstalled the app...when I decided it wasn't for me, I'm going to go ahead and assume that Path took this data out of my phonebook sometime during the half hour I had it installed," Kenwright said in his blog.
He contacted Path via Twitter, writing, "Why are you texting people in my address book at 6:30 a.m.? Even after I uninstalled your app? That's ridiculous."
Two hours later, when there was still no response from Path, Kenwright began getting frustrated, and a bit cheeky. "The guys over there are probably still in bed," he wrote. "In the meantime Path has called two plumbers; an electrician; a dentist; my girlfriend's grandparents and a local takeaway, letting them know I have photos that they should probably see (I don't have photos for them)."
Not everyone in Kenwright's phone book carries a smartphone, though; a number of the robocalls were made to UK landlines, through which text messages are read out to the person on the other end of the phone.
"I'm not talking about Path getting Microsoft Sam to call my plumber personally," Kenwright said.
About 11 hours after initially contacting Path, Kenwright received a phone call from Path's vice president of marketing, Nate Johnson, and members of Path's PR team. They assured him that Path doesn't collect data from mobile phone books, but that the app had intended to send the messages within the half hour he was a Path member.
"Our product always checks that you've opted-in to share your contacts before it reaches out to those people, but we are investigating why there was a delay in doing so," one of the agency employees told Kenwright.
That opt-in feature was included in last year's iPhone app update, following a privacy snafu in which Path uploaded a user's entire address book to its servers without permission. It seems like that option didn't quite take for all users, including Kenwright, who added in his blog that he's "pretty sure I didn't opt in."
Path did not immediately respond to a request for comment.
The company, which launched in 2010, has already paid for its mistakes, literally. In February, Path agreed to pay the Federal Trade Commission's $800,000 (£514,235) fine.