Facebook harvested the email contacts of 1.5 million users without their knowledge or consent and used the data to build a web of their social connections, it emerged today. Business Insider reports that Facebook began collecting the contact lists in May 2016 when new users opened a new account on the social network.
Image via Business Insider
The harvesting occurred when users were offered email password verification as an option to verify their identity when signing up to Facebook, a method widely condemned by security experts. In some cases if users did enter their password, a pop-up message would appear informing them that it was "importing" their contacts, without even asking their permission to do so.
These contacts were then fed into Facebook's database systems and used to build a map of users' social links and inform recommended friends on the social network. It's not clear if the data was also used for ad-targeting purposes.
In a statement given to Business Insider, the company said that these email contacts had been "unintentionally uploaded" to Facebook when users created their account.
It also said that prior to May 2016, it offered an option to verify a user's account and voluntarily upload their contacts at the same time. However, the feature was changed and the text informing users that their contacts would be uploaded was deleted, but the underlying functionality was not. Facebook says at no point did it access the content of users' emails.
That was followed earlier this month by news that cybersecurity researchers had discovered millions of Facebook records publicly accessible on Amazon's cloud servers, after the data was uploaded by third-party companies that work with Facebook.
In yet another development just this week, over 4,000 pages of documents from 2011 to 2015 were leaked which provide insight into how Facebook took advantage of user data while publicly promising to protect user privacy before and after its 2015 move to end broad access to user data.
The harvesting occurred when users were offered email password verification as an option to verify their identity when signing up to Facebook, a method widely condemned by security experts. In some cases if users did enter their password, a pop-up message would appear informing them that it was "importing" their contacts, without even asking their permission to do so.
These contacts were then fed into Facebook's database systems and used to build a map of users' social links and inform recommended friends on the social network. It's not clear if the data was also used for ad-targeting purposes.
In a statement given to Business Insider, the company said that these email contacts had been "unintentionally uploaded" to Facebook when users created their account.
It also said that prior to May 2016, it offered an option to verify a user's account and voluntarily upload their contacts at the same time. However, the feature was changed and the text informing users that their contacts would be uploaded was deleted, but the underlying functionality was not. Facebook says at no point did it access the content of users' emails.
We estimate that up to 1.5 million people's email contacts may have been uploaded. These contacts were not shared with anyone and we're deleting them. We've fixed the underlying issue and are notifying people whose contacts were imported. People can also review and manage the contacts they share with Facebook in their settings.The news is just the latest addition to a long list of privacy blunders and violations by Facebook. In March, for example, it emerged that between 200 and 600 million Facebook users may have had their account passwords stored in plain text in a database accessible to 20,000 Facebook employees. Some Instagram passwords were also included.
That was followed earlier this month by news that cybersecurity researchers had discovered millions of Facebook records publicly accessible on Amazon's cloud servers, after the data was uploaded by third-party companies that work with Facebook.
In yet another development just this week, over 4,000 pages of documents from 2011 to 2015 were leaked which provide insight into how Facebook took advantage of user data while publicly promising to protect user privacy before and after its 2015 move to end broad access to user data.
39 comments
Apple this week began stocking a new 4K 23.7-inch LG UltraFine Display, which replaces the original 21.5-inch 4K LG UltraFine Display that was pulled from retail stores and the online Apple Store...
Ahead of the 2019 Worldwide Developers Conference, which kicks off on Monday, June 3 with a keynote event, Apple has updated its official WWDC app for iOS devices.
There have been no design...
Apple today quietly released an updated version of macOS Mojave 10.14.5, which is designed for 15-inch MacBook Pro models that feature a T2 security chip, aka the 2018 and 2019 machines.
The new...
Apple today sent out media invites for the keynote event of its 30th annual Worldwide Developers Conference, which takes place at 10:00 a.m. Pacific Time at the McEnery Convention Center in San Jose,...
The UK's competition watchdog today announced that Apple has formally agreed to be "clearer and more upfront with iPhone users" about battery health and performance to ensure compliance...
The FTC today won its antitrust lawsuit against Qualcomm over the chipmaker's anticompetitive business practices.
As first reported by legal expert Florian Mueller on his blog FOSS...
Safari on iOS has a surprising number of hidden tricks, letting you manipulate tabs, conduct page-specific searches, and more, and not all of these features are immediately obvious due to the...
Cannes Lions today announced that Apple has been named the Creative Marketer of the Year, marking the first time the Cupertino company has won the award.
Apple was named the Creative Marketer of...
