Facebook has admitted that it uploaded the contact lists of up to 1.5 million users without their consent. Earlier this month the social media giant was asking users to hand over their account credentials as part of the so-called registration process, but it later admitted that it “unintentionally” extracted the contact details of around 1.5 million users without their knowledge and without ever asking their permission.
Facebook said that the issue started three years ago, when it made some changes to the step-by-step verification process that users have to complete while signing up for an account on the platform. Before these changes were integrated into the system, users were also given the option to upload their email contact lists to help them find friends who were already on Facebook.
But in May 2016, Facebook revised the registration process and removed the language that explained to users that their contact lists could be uploaded to the company’s servers during the sign-up process for an account. The company didn’t realize that the functionality was still operating, and in some cases users’ email contact lists were automatically uploaded to Facebook without their knowledge.
A Facebook spokesperson said that the company did not realize this was happening until April of this year. He said that, after finding the flaw, the firm stopped offering email password verification as an option for people who were signing up to Facebook for the very first time.
The spokesperson added, “When we looked into the steps people were going through to verify their accounts, we found that in some cases people’s email contacts were also unintentionally uploaded to Facebook when they created their account”.
The company in a statement said, “We estimate that up to 1.5 million people’s email contacts may have been uploaded. These contacts were not shared with anyone and we’re deleting them. We’ve fixed the underlying issue and are notifying people whose contacts were imported. People can also review and manage the contacts they share with Facebook in their settings”.
Facebook previously made a similar mistake when it stored hundreds of millions of users’ passwords on its internal servers in plain text.