RSN Fundraising Banner
Facebook Uploaded Email Contacts of 1.5 Million Users Without Consent
Written by <a href="index.php?option=com_comprofiler&task=userProfile&user=33522"><span class="small">Alex Hern, Guardian UK</span></a>   
Thursday, 18 April 2019 12:38

Hern writes: "Facebook has admitted to 'unintentionally' uploading the address books of 1.5 million users without consent, and says it will delete the collected data and notify those affected."

Facebook says it will delete the collected data and notify those affected. (photo: Dominic Lipinski/PA)
Facebook says it will delete the collected data and notify those affected. (photo: Dominic Lipinski/PA)


ALSO SEE: Facebook Joining Forces With the Daily Caller
for a Fact-Checking Mission

Facebook Uploaded Email Contacts of 1.5 Million Users Without Consent

By Alex Hern, Guardian UK

18 April 19


Company says it has stopped using password verification feature that collected data

acebook has admitted to “unintentionally” uploading the address books of 1.5 million users without consent, and says it will delete the collected data and notify those affected.

The discovery follows criticism of Facebook by security experts for a feature that asked new users for their email password as part of the sign-up process. As well as exposing users to potential security breaches, those who provided passwords found that, immediately after their email was verified, the site began “importing” contacts without asking for permission.

Facebook has now admitted it was wrong to do so, and said the upload was inadvertent. “Last month we stopped offering email password verification as an option for people verifying their account when signing up for Facebook for the first time,” the company said.

“When we looked into the steps people were going through to verify their accounts we found that in some cases people’s email contacts were also unintentionally uploaded to Facebook when they created their account,” a spokesperson said. “We estimate that up to 1.5 million people’s email contacts may have been uploaded. These contacts were not shared with anyone and we’re deleting them. We’ve fixed the underlying issue and are notifying people whose contacts were imported. People can also review and manage the contacts they share with Facebook in their settings.”

The issue was first noticed in early April, when the Daily Beast reported on Facebook’s practice of asking for email passwords to verify new users. The feature, which allows Facebook to automatically log in to a webmail account to effectively click the link on an email verification itself, was apparently intended to smooth the workflow for signing up for a new account.

But security experts said the practice was “beyond sketchy”, noting that it gave Facebook access to a large amount of personal data and may have led to users adopting unsafe practices around password confidentiality. The company was “practically fishing for passwords you are not supposed to know”, according to cybersecurity tweeter e-sushi, who first raised concern about the feature, which Facebook says has existed since 2016.

At the time, Facebook insisted it did not store email passwords but said nothing about other information gathered in the process. Shortly after, Business Insider reported that, for users who entered their passwords, Facebook was also harvesting contact details – apparently a hangover from an earlier feature that Facebook had built expressly to take contacts with permission – except in this new implementation, users had not given consent.

The company said those contacts were used as part of its People You May Know feature, as well as to improve ad targeting systems. While it has committed to deleting the uploaded contacts, it is not immediately clear whether it will delete the information it inferred from those uploaded contacts – or even whether it is able to do so. Facebook did not immediately reply to a query from the Guardian.

Email This Page

e-max.it: your social media marketing partner
 

Comments   

A note of caution regarding our comment sections:

For months a stream of media reports have warned of coordinated propaganda efforts targeting political websites based in the U.S., particularly in the run-up to the 2016 presidential election.

We too were alarmed at the patterns we were, and still are, seeing. It is clear that the provocateurs are far more savvy, disciplined, and purposeful than anything we have ever experienced before.

It is also clear that we still have elements of the same activity in our article discussion forums at this time.

We have hosted and encouraged reader expression since the turn of the century. The comments of our readers are the most vibrant, best-used interactive feature at Reader Supported News. Accordingly, we are strongly resistant to interrupting those services.

It is, however, important to note that in all likelihood hardened operatives are attempting to shape the dialog our community seeks to engage in.

Adapt and overcome.

Marc Ash
Founder, Reader Supported News

 
+3 # chapdrum 2019-04-18 14:36
Because it can. Because it is (yet another) too-big-to-fail corporation.
Bad corp's; whatcha gonna do?