Facebook Imported 1.5 Million Users' Email Contacts Without Permission

Credit: Denys Prykhodov/ShutterstockCredit: Denys Prykhodov/ShutterstockFacebook admitted that it has uploaded the contact lists of 1.5 million users since 2016 without their consent, Business Insider reported today. Since most people tend to have tens or hundreds of contacts in their email address books, this uploading of contacts, which the company called "unintentional," may have affected hundreds of millions of users. Regardless of the intent behind this action, Facebook still admitted that it used the collected contacts to to improve its ad targeting capabilities.

Facebook Uploads Contacts Without Consent

Since May 2016, Facebook has been asking some new users for their email account passwords. According to Business Insider's report, the company then promptly started harvesting those emails for the users’ email contact lists, but Facebook says this contact data was “unintentionally uploaded” to the company’s servers.

"These contacts were not shared with anyone, and we're deleting them. We've fixed the underlying issue and are notifying people whose contacts were imported. People can also review and manage the contacts they share with Facebook in their settings," a spokesperson for the social media giant told Business Insider. 

A user with the Twitter username e-sushi made the discovery and shared his revelation online. He noticed that when a new account was created, Facebook asked the user for their email password. Then, the social media company would show a message about importing the user’s contacts without first asking for permission. The user would not be able to stop the importing of contacts once the process started.

Facebook Stopped Informing Users About The Upload

A Facebook spokesperson said that the company used to ask users for their permission before uploading their contact lists, but the company deleted the message informing users in 2016. There was no explanation provided as to why. The contact uploading functionality remained, but it now worked in the background without first asking users’ consent.

Facebook has promised to delete the data it gathered through this operation; however, without some sort of third-party audit or government investigation there’s no way to know if Facebook follows through and stops using the data for its ad business.

8 comments
    Your comment
  • Dark Lord of Tech
    You mean DARPA imported without permission.
  • Math Geek
    i can't even be bothered to be surprised anymore. if this still shocks anyone, then they seriously need to wake up and smell the coffee.
  • Yuka
    The obvious ruling here is for them to delete all that data and start from scratch; no questions asked about it.

    I'm pretty damn sure out of all the scummy ways they've obtained data of people outside their network/system, this is the scummiest by friggin' far.

    Cheers!