Facebook uploaded 1.5 million people’s email contacts without permission


Welcome to the latest episode of “Facebook’s Daily Screw-up.” Following a report from Business Insider yesterday, the company confirmed it had uploaded more 1.5 million users’ contact lists without their permission when they signed up for the service starting in May 2016.

According to BI, a security researcher noticed that Facebook was asking some users to enter the password for their email account when they’re making a new Facebook account. If they went ahead and entered the password, the social network displayed a message saying it was “importing your contacts,” without a way for them to opt out.

Later, it erased the notification text mentioning the contacts upload process, but forgot to remove the underlying code that carried out the task. How convenient!

Facebook also issued a statement saying it had stopped email verification functionality a month ago, and it’s also deleting the uploaded data:

Last month we stopped offering email password verification as an option for people verifying their account when signing up for Facebook for the first time. When we looked into the steps people were going through to verify their accounts we found that in some cases people’s email contacts were also unintentionally uploaded to Facebook when they