Reason #45,327 to delete your Facebook account: The social network collected the email contact info of 1.5 million users without their knowledge or consent and used the data to improve Facebook’s ad targeting, build Facebook’s web of social connections, and recommend friends to add.
Business Insider reports Facebook began collecting the the information in May 2016 when new users opened a new account on the social network.
The revelation comes after pseudononymous security researcher e-sushi noticed that Facebook was asking some users to enter their email passwords when they signed up for new accounts to verify their identities, a move widely condemned by security experts. Business Insider then discovered that if you entered your email password, a message popped up saying it was “importing” your contacts without asking for permission first.
In a statement to Business Insider, the firm said the email contacts had been “unintentionally uploaded” to Facebook during account creation.
The company admits that up to 1.5 million user’s email contacts may have been uploaded. The social network says the contacts were not shared with anyone and are being deleted.
The “underlying issue” has been fixed, the company assures users, and affected users are being notified. Users can also review and manage the contact information shared with Facebook.
A Facebook spokesperson told Business Insider that before May 2016, it offered an option to verify a users account via their email address and voluntarily upload their email contacts. The company changed the feature to remove the text telling users their contacts would be uploaded, but kept the underlying functionality in place.
While the social network says it didn’t access the content of their users’ emails, a user’s contact list is sensitive data, as it reveals who a person is communicating with and who they connect to.
Today’s news is just the latest in a long series of privacy related violations and screwups committed by the firm.
In March, it was learned that between 200 and 600 million users may have had their account passwords stored in plain text in a database accessible by 20,000 Facebook employees.
Earlier this month, it was learned that millions of Facebook user records were found stored on publicly accessible Amazon cloud servers by researchers at UpGuard, a cybersecurity firm. The data was stored there by third-party companies working with Facebook.