Data harvesting: Facebook copied contacts from 1.5 million users

2019-04-19 31

MENLO PARK, CALIFORNIA — Facebook has admitted to 'unintentionally' harvesting the contact lists of more than 1.5 million of its users, according to Business Insider.

The report states that the company has been collecting emails from its users since May 2016. Facebook has said the information was 'unintentionally uploaded' and that they were working on taking it down.

Last Wednesday, the social media giant told Business Insider that the contacts were uploaded into their system and used to improve the company's ad targeting, developing friend recommendations, and building its social web.

Business Insider noticed the breach when a Twitter user called e-sushi, posted a screenshot where Facebook asked new users to confirm their email address.

In the tweet, e-sushi stated it was, 'a horrible idea from an #infosec point of view. By going down that road, you're practically fishing for passwords you are not supposed to know!'.

Screenshots posted by Business Insider show Facebook asked users to confirm their email address and password by clicking on a blue 'connect' button. After clicking the button, users would see a pop-up where Facebook informed them that it was importing their contacts. This process could not be interrupted or canceled.

Facebook is now looking to notify the users that were affected by the privacy breach and deleting all contacts that were harvested from the 1.5 million accounts, saying in a statement, 'We've fixed the underlying issue and are notifying people whose contacts were imported. People can also review and manage the contacts they share with Facebook in their settings.'