Social media giant Facebook has admitted that it had access email contacts of as many as 1.5 million of its users without their consent. Furthermore, the company also stored these email contacts.
A report in Business Insider also claims that between May 2016 and March 2019, Facebook asked some of the new users on its platform to verify their email addresses by sharing the password of their email account. However, once users did this, the email contacts of the user automatically got imported and users did not have the option of stopping it or opting out of it.
In response to this, Facebook told Business Insider that the email contacts were uploaded “unintentionally” in the process. The company also added that these contacts had not been shared by the social media platform with anyone. Facebook also said that it is now deleting the contacts that got uploaded and has also fixed the issue that led to the problem.
It is worth adding that email verification is a very common practice for most online platforms. However, what happened in Facebook’s case is an exception. Usually, when a platform asks users to provide their email address, it sends users a link on their email ID that they have to click so that their account gets verified. On the other hand, Facebook asked users to verify that their accounts by handing over their passwords. The page asking for user’s email password said, “To continue using Facebook, you’ll need to confirm your email address.”
However, users did not have to go through this process as Facebook’s traditional verification options were hidden behind the link between the password box that read ‘Need help?’ Users could also verify their account via a code sent to their smartphone.
We must also add here that Facebook uploaded users’ contacts before May 2016 too when they provided their email password. In fact, that month, Facebook did delete the message that said that their contacts will be uploaded. However, it did nothing to stop the uploading.
While Facebook did mention below its password box that it would not store the password entered as a part of the process. However, Facebook has been embroiled in multiple data breaches since last year, and now, this has become the most recent one.
The social media giant has said that it is notifying all the users whose contacts were uploaded to the service and the process will be completed in the next few days.