Facebook announced that it “unintentionally” harvested the email contacts of 1.5 million of its users without their consent.
The social media company automatically uploaded the information from users who had registered with the site after 2016 and provided their email addresses and passwords. Upon submitting a form to “confirm” their accounts, registrants saw a screen showing that their email contact lists were harvested without any means of providing consent, opting out, or interrupting the process.
“We estimate that up to 1.5 million people’s email contacts may have been uploaded. These contacts were not shared with anyone and we’re deleting them. We’ve fixed the underlying issue and are notifying people whose contacts were imported. People can also review and manage the contacts they share with Facebook in their settings,” a Facebook spokeperson said.
Facebook’s requests for user email passwords during account registration has garnered strong criticism from security and privacy experts and led to the company halting the practice earlier this month.
The news comes at an awkward time for the gaffe-prone company in light of its recent attempts to rebrand itself as being more privacy-focused.