Facebook Compromises Users By Accident Again, 1.5M Affected


Facebook admitted that it had gathered the contact information of around 1.5 million users without their consent or knowledge since May 2016. The social media giant said that the uploading of this sensitive personal data was unintentional and that it is now deleting the information from its servers. Facebook will also inform users affected by this issue, although it did not provide any timeline for when it will contact affected individuals.

This news comes after a security researcher discovered that Facebook is asking some of its users to provide their email passwords. For years, the social media giant has been trying to reduce the number of fake accounts created on its platform, and verifying users by asking for their email passwords is one of the methods it employed to confirm users’ existence.

The tech giant initially explained that entering email passwords will make it easier for users to verify their identities since they no longer have to check their emails and get the code sent to them by Facebook.


However, Facebook recently admitted that aside from verifying user identities, providing the social media giant with email passwords will allow the platform to look into the person’s list of contacts and upload this sensitive information to its servers.

The social media giant noted that the option to verify identities using email passwords already existed before 2016. Users who took advantage of this option before 2016 were told, through a notice shown on its web page, that Facebook would upload their contacts to its platform.

After 2016, however, Facebook removed the text informing users about the harvesting of contact data, while the mechanism that uploaded the sensitive information continued to work. Once Facebook gets hold of users’ contacts, it may use the information to recommend potential friends and determine the advertisements it will serve to the user.


The social media platform claims that it did not share the email passwords and contact information with other tech firms, but recent security gaffes put Facebook’s capability to store data securely in question.

Recently, the social media giant announced that more than 600 million passwords were stored in plain text, allowing the company’s staff to read users’ passwords easily. Most of the people affected are users of the Facebook Lite app, although users of Facebook’s regular application and Instagram account owners are also affected.

Just a few weeks later, security researchers from UpGuard discovered that the public could access up to 146GB of Facebook user data stored by the Mexican media company Cultura Colectiva on servers owned by Amazon Web Services. Included in this dataset are details like Facebook IDs, account names, comments, likes, and reactions.


Security researchers also discovered a smaller database that contains account passwords in addition to types of data similar to those found in the larger datasets. This poor record on the part of the social media giant regarding the protection of user information can be particularly concerning for users whose contact information was uploaded to Facebook’s servers.