Facebook Leaks Data Again

Since 2016, Facebook has uploaded the e-mail contacts of 1.5 million users without consent. The tech giant calls the privacy breach “unintentional” and says it will notify users and delete the data.

The privacy breach came after Facebook implemented a feature that asked new users to enter their e-mail password in order to create an account. Afterward, users noticed that their e-mail contacts had been imported into Facebook without permission: people in their e-mail contacts began showing up in Facebook’s “People You May Know” section.

Security experts criticized Facebook for exposing people to e-mail security issues. Other security experts said Facebook was effective “fishing” for passwords and other private data.

A Facebook spokesperson denied the security breach was intentional and said Facebook would stop asking new users for their e-mail password.

“When we looked into the steps people were going through to verify their accounts we found that in some cases people’s email contacts were also unintentionally uploaded to Facebook when they created their account,” the spokesperson said. “We estimate that up to 1.5 million people’s email contacts may have been uploaded. These contacts were not shared with anyone and we’re deleting them. We’ve fixed the underlying issue and are notifying people whose contacts were imported. People can also review and manage the contacts they share with Facebook in their settings.”