It feels like we are hearing about Facebook doing nefarious things with people’s data at least once a week. The latest news comes from Business Insider which reported that Facebook harvested the email contacts of 1.5 million users without their knowledge or consent when they opened their accounts.
Business Insider has learned that since May 2016, the social networking company has collected the contact lists of 1.5 million users new to the social network. The Silicon Valley company says they were “unintentionally uploaded to Facebook,” and is now deleting them.
A security researcher noticed that Facebook was asking some users to enter their email passwords when they signed up for new accounts. This was supposedly to verify their identity. To be clear, Facebook wasn’t content with having a new user’s email address – it also wanted the password to that user’s email address.
Business Insider checked this out, and found that if you did enter an email password, a message popped up saying it was “importing” your contacts. Facebook did not ask user’s for permission to do that – it just went ahead and grabbed that information.
A Facebook spokesperson gave a statement to Business Insider. In it, Facebook claims that the contacts were not shared with anyone and that Facebook is now deleting them and notifying people whose contacts were imported. The statement does not say that Facebook is deleting the email passwords that it required new users to give them.
Personally, I find this disgusting. It seems like Facebook feels entitled to grab as much data as it can not only from its users – but also from people who are in the process of signing up for a Facebook account. When it gets caught doing this, it claims this was done “unintentionally.”
I find it hard to believe that someone unintentionally created something that would suck up people’s email contacts. I find it even harder to believe that the thing that sucks up contacts was unintentionally implemented as part of Facebook’s sign up process.