Another day, another Facebook issue. Earlier on Thursday, news broke that Facebook had confirmed it harvested the email contact lists of 1.5 million people, in an ongoing effort since May 2016.
The social network said the situation was “unintentional” – and that somehow, it just happened.
A security researcher earlier in April noticed Facebook was asking some – not all, curiously – new users to provide their email passwords when they signed up for a Facebook account, if they used certain email platforms, like Yandex or GMX.
Hey @facebook, demanding the secret password of the personal email accounts of your users for verification, or any other kind of use, is a HORRIBLE idea from an #infosec point of view. By going down that road, you're practically fishing for passwords you are not supposed to know! pic.twitter.com/XL2JFk122l
— e-sushi (@originalesushi) March 31, 2019
Then, Business Insider investigated, and found that if one did indeed provide the requested email password, the user was informed that Facebook was importing their contacts. The platform didn’t ask for consent or permission to do so, either.
Now, about half a month after that revelation, Facebook has made a statement in response.
“When we looked into the steps people were going through to verify their accounts, we found that in some cases people’s email contacts were also unintentionally uploaded to Facebook when they created their account,” a spokesperson said Wednesday evening in a media statement.
The person added that the firm did not realize this was happening until this month, when it stopped asking for email password verification.
The problem was a result of a design change, the spokesperson said. Whereas before May 2016, users were given the option to upload their email contact lists to find friends already on Facebook, the “option” part of the process was inadvertently removed, according to the company.
The news comes hard on the heels of another privacy issue this week (one of, of course, many over the last few months) for Mark Zuckerberg’s tech spawn: A Tuesday NBC News report, detailing 4,000 newly-leaked Facebook emails, webchats, spreadsheets and meeting summaries from 2011 to 2015, found that Facebook has been using its user data as leverage in various relationships with other companies. That included rewarding some firms with extended user data access after they spent money advertising on its platform, as well as withholding user data from other companies that posed a competitive threat to the social media firm.