UPDATED 13:21 EDT / APRIL 18 2019

SECURITY

Facebook says it ‘unintentionally’ harvested 1.5M users’ email contacts

Another month, another Facebook Inc. privacy scandal.

Following an exposé from Business Insider, the social networking giant today said that it has “unintentionally uploaded” the email contacts of 1.5 million users to its systems. The affected group includes people who signed up for Facebook from May 2016 to March 2019 and shared their email passwords with the company during registration.

In this period, Facebook used a since-discontinued verification mechanism that made password disclosure a requirement for creating an account for some users. The system replaced an earlier security mechanism that had offered consumers the option of using their email credentials to verify their identities but didn’t make it mandatory.

That earlier mechanism generated a dialog box informing consumers that their email contacts would be collected if they chose to share their passwords. But according to Facebook, when it upgraded to the newer system that was in use from 2016 to 2019, the notification was removed. As a result, users weren’t informed before signing up that their address books would be accessed, and they didn’t have a way of opting out.

Facebook did display a message reading “importing contacts” after a user registered, but there was no way to cancel the process or undo it after the fact.

Brian Vecci, the field chief technology officer of cybersecurity provider Varonis Systems Inc., said that “this news illustrates how easy it is for any company — not just Facebook — to skip asking for consent when harvesting personal data like your contacts.”

The scope of the privacy blunder extends beyond the 1.5 million people who provided their email credentials to Facebook. It also affects the many more consumers whose contact information was in the harvested contact lists, which potentially brings the total number of impacted users to tens of millions.

Facebook said that it’s in the process of deleting the data and will notify affected users. However, that isn’t likely to mitigate the impact this latest incident will have on the company’s already diminished public image, which has been damaged by repeated privacy and security controversies over the past year.

Facebook admitted last month that it accidentally stored as many as 600 million user passwords in plain text for years. Earlier, the company was hit by a cyberattack that saw hackers make away with the personal data of 30 million people. A third scandal involving data-sharing deals with other companies recently prompted New York authorities to launch a criminal investigation into Facebook.
