Facebook has sent 1.5 million user email contacts without permission



[ad_1]

  • Facebook said it has "inadvertently downloaded" the contacts of 1.5 million new Facebook users since May 2016.
  • This revelation comes after a security researcher noticed that Facebook was asking some users to enter their email password when they signed up to create new accounts in order to verify their identity, a decision widely. condemned by security experts.
  • Business Insider then discovered that, if you entered your email password, a message appeared stating that it "imported" your contacts without asking for permission first.
  • Facebook said that does not mean downloading these contacts and that it is in the process of deleting them.
  • Visit BusinessInsider.com for more stories.

Facebook has collected email contacts from 1.5 million users without their knowledge and without their consent when opening their accounts.

Business Insider has learned that since May 2016, the social networking company has collected contact lists of 1.5 million new users on the social network. The Silicon Valley company said the contacts had been "unintentionally uploaded to Facebook", and that she is now deleting them. You can read the full Facebook statement below.

This revelation comes after a security researcher noticed that Facebook was asking some users to enter their email password when they signed up to create new accounts in order to verify their identity, a decision widely. condemned by security experts. Business Insider then discovered that, if you entered your email password, a message appeared stating that it "imported" your contacts without asking for permission first.

At the time, we did not really know what was happening – but a Facebook spokesperson has now confirmed that 1.5 million contacts were collected this way and integrated into Facebook's systems, where they were used to create Facebook's social network and recommend their friends. add. It is not clear if these contacts were also used for ad targeting purposes.

The "Import Contacts" dialog in question.
Screen Capture / Rob Price

Facebook said that before May 2016, it offered the ability to check a user's account and voluntarily download his contacts at the same time. However, Facebook said that the feature had been changed and that text informing users that their contacts would be downloaded had been removed – but the underlying features were not. Facebook has not accessed user email content, the spokesman added.

The incident is the latest misstep in protecting the privacy of the beleaguered tech giant, which has gone from scandal to scandal over the past two years.

Facebook is now planning to notify the 1.5 million affected users over the next few days and remove their contacts from the company's systems.

Full statement from Facebook, by a spokesperson:

Last month, we stopped offering email password verification as an option to people who check their account when they first sign up for Facebook. When we looked at the steps people took to check their accounts, we found that, in some cases, their email contacts were also unintentionally uploaded to Facebook when they created their accounts. We estimate that up to 1.5 million email contacts have been downloaded. These contacts have not been shared with anyone and we are deleting them. We solved the underlying problem and warn the people whose contacts were imported. Users can also view and manage the contacts that they share with Facebook in their settings.


Do you have a tip? Contact this reporter via the encrypted Message Encryption application at +1 (650) 636-6268 using a nonprofessional phone, send an email to [email protected], Telegram or WeChat to robaeprice, or Twitter DM to @robaeprice. (Public relations sites by email only.) You can also contact Business Insider securely via SecureDrop.

[ad_2]

Source link