Facebook Collected Email Contacts Of 1.5 Million Users Without Consent


Facebook is at it again folks. It seems that the social media giant just can’t stay away from controversy. It has recently stated that it ‘accidentally’ uploaded the email contacts of 1.5 million of its users without their knowledge or consent.

Facebook collected this data when new users were signing up for the service.The news was revealed after a security researcher who goes by the Twitter handle ‘e-sushi’ noticed that Facebook was asking its users to confirm their private email accounts for the sake of verifying their identity.

A number of tweets by e-sushi explain that how this request was the only method that Facebook was offering for verifying his password and that the link that was offered for the explanation about the method of verification was broken.

Soon enough, Facebook admitted that it did collect contact information of 1.5 million users via this verification method. The data was used for improving Facebook’s ad targeting while also narrowing down the list of recommended friends. Although Facebook promises that it was not entering its users’ emails, it is clear that they were accessing the contact lists. These lists are private and quite personal since they can reveal who and when you are in contact with someone.

Facebook says that it used this verification method for verifying the accounts of about 1.5 million users. However, the obtained contact information is probably in hundreds of millions. Facebook has also not come clean about how many email addresses it has access to, and e-sushi has pointed out that once the process begins, there is no way to get out of it.

Facebook has already changed how it verifies new accounts, but this is yet again a data breach and misstep that has been taken by the social media giant. The company has further stated that it will be notifying the 1.5 million users that have been affected and will be deleting their contacts from the systems at the company.

The spokesperson for Facebook said, ‘Last month we stopped offering email password verification as an option for people verifying their account when signing up for Facebook for the first time. When we looked into the steps, people were going through to verify their accounts we found that in some cases people’s email contacts were also unintentionally uploaded to Facebook when they created their account. We estimate that up to 1.5 million people’s email contacts may have been uploaded. These contacts were not shared with anyone, and we’re deleting them. We’ve fixed the underlying issue and are notifying people whose contacts were imported. People can also review and manage the contacts they share with Facebook in their settings.’