UPDATED 13:21 EDT / APRIL 18 2019

SECURITY

Facebook says it ‘unintentionally’ harvested 1.5M users’ email contacts

Another month, another Facebook Inc. privacy scandal.

Following an exposé from Business Insider, the social networking giant today said that it has “unintentionally uploaded” the email contacts of 1.5 million users to its systems. The affected group includes people who signed up for Facebook from May 2016 to March 2019 and shared their email passwords with the company during registration.

In this period, Facebook used a since-discontinued verification mechanism that made password disclosure a requirement for creating an account for some users. The system replaced an earlier security mechanism that had offered consumers the option of using their email credentials to verify their identities but didn’t make it mandatory.

That earlier mechanism generated a dialog box informing consumers that their email contacts would be collected if they chose to share their passwords. But according to Facebook, when it upgraded to the newer system that was in use from 2016 to 2019, the notification was removed. As a result, users weren’t informed before signing up that their address books would be accessed, and they didn’t have a way of opting out.

Facebook did display a message reading “importing contacts” after a user registered, but there was no way to cancel the process or undo it after the fact.

Brian Vecci, the field chief technology officer of cybersecurity provider Varonis Systems Inc., said that “this news illustrates how easy it is for any company — not just Facebook — to skip asking for consent when harvesting personal data like your contacts.”

The scope of the privacy blunder extends beyond the 1.5 million people who provided their email credentials to Facebook. It also affects the many more consumers whose contact information was in the harvested contact lists, which potentially brings the total number of impacted users to tens of millions.

Facebook said that it’s in the process of deleting the data and will notify affected users. However, that isn’t likely to mitigate the impact this latest incident will have on the company’s already diminished public image, which has been damaged by repeated privacy and security controversies over the past year.

Facebook admitted last month that it accidentally stored as many as 600 million user passwords in plain text for years. Earlier, the company was hit by a cyberattack that saw hackers make away with the personal data of 30 million people. A third scandal involving data sharing deals with other companies recently prompted New York authorities to launch a criminal investigation into Facebook.
