Skip to main content

Facebook uploaded over a million user emails without permission

(Image credit: Image Credit: Anthony Spadafora)

In news that probably won't surprise anyone, Facebook has uploaded email contacts of 1.5 million people online without their specific consent.

The news first broke out on Business Insider, and was later confirmed by the social media giant itself.

So here's what happened. If people were to sign up for a new account any time from May 2016, Facebook would ask not only for their email, but for that email's password as well. Those that gave Facebook their email password would then be notified that the social media site was “importing contacts”.

Once you got into that mess, there was no going back.

At a later (unknown) date, Facebook deleted the message saying it was importing contacts, but kept the practice, so people would give their password and would have no idea what was going on in the background.

As the story evolved, we then learned that Facebook not only used new users’ email access to import contacts, but to “improve ads”, as well.

As the news broke out, Facebook reacted, issuing a statement saying it stopped with the email verification functionality a month ago, and that it is deleting the data.

“Last month we stopped offering email password verification as an option for people verifying their account when signing up for Facebook for the first time. When we looked into the steps people were going through to verify their accounts, we found that in some cases people’s email contacts were also unintentionally uploaded to Facebook when they created their account,” the announcement reads.

“We estimate that up to 1.5 million people’s email contacts may have been uploaded. These contacts were not shared with anyone and we’re deleting them. We’ve fixed the underlying issue and are notifying people whose contacts were imported. People can also review and manage the contacts they share with Facebook in their settings.”

Image Credit: Anthony Spadafora