Facebook Accidentally Imported 1.5M Users' Email Data Sans ConsentFacebook Accidentally Imported 1.5M Users' Email Data Sans Consent
The social media giant says it did not access the imported data and is notifying affected users.
April 18, 2019
Facebook has confirmed it "unintentionally uploaded" email contacts belonging to 1.5 million new users without their knowledge since May 2016. It is now deleting the information.
This discovery, first reported by Business Insider, began when a security researcher realized Facebook was requesting email passwords to verify some users' identities during the account creation process. If the password was entered, users saw an alert informing them Facebook was importing their contacts – even though the site hadn't requested permission to do so.
As Facebook explained, prior to May 2016 it gave users the option to input their email passwords to verify their accounts and upload contacts. The idea was to use the imported data for better advertising and recommending friends to users. When the company changed this feature, it eliminated the language telling people their contacts would be uploaded. However, the functionality remained and has been importing data from email accounts ever since.
The social media giant says it didn't access the uploaded data and is informing people whose contacts were uploaded. That said, it's worth noting how many individuals' information may have been affected. This feature uploaded the contacts of 1.5 million users, many of whom could have had information belonging to hundreds of people in their email address books.
Read more details here.
Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.
About the Author(s)
You May Also Like
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
What's In Your Cloud?Nov 30, 2023
Everything You Need to Know About DNS AttacksNov 30, 2023
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
AI in Cybersecurity: Using artificial intelligence to mitigate emerging security risks
The Evolving Ransomware Threat: What Business Leaders Should Know About Data Leakage
Managed Security and the 3rd Party Cyber Risk Opportunity Whitepaper