Another day, another Facebook privacy row. Of all the major technology companies out there, the social networking giant seems utterly incapable of keeping its users' information private. Last month reports indicated that Facebook was under criminal investigation over sharing user data without permission. Facebook also announced in March that up to 600 million user passwords were stored in plain text and that 20,000 of its employees had access to the searchable database. Earlier this month word surfaced that Facebook was forcing some new users to give their email passwords to register for an account.
Facebook is now admitting that it unintentionally grabbed the email contacts of 1.5 million new users that signed up since May 2016. The email contact information that Facebook collected was done without the user's knowledge or consent. The social network says that it is now deleting the scraped contact details.
The swiping of contact information was noticed after reports surfaced of Facebook asking for email passwords. Business Insider reports that after that revelation, it noticed that when a user entered their email password when asked, a message stating that Facebook was "importing" contacts was seen without any prompt asking for permission to import those contacts.
Facebook maintains that when it initially asked for the email account password, it had text that offered to import the user's email contact list at the same time, and requested permission before importing the contacts. However, the social network says that it later changed the feature and text asking for permission before uploading the contact list was deleted. Facebook claims it never accessed the content of user emails.
Stealing the contact lists of 1.5 million people is bad enough. Even worse is the fact that the contact list of the users would have likely had multiple contacts. The total number of people affected by this scraping of information could number significantly more than the 1.5 million people Facebook mentions.