Social network seems to be stumbling from one security nightmare to another.
If there is at least one good thing that Facebook has achieved in the past year or more it has to be the mass education of people all over the world about cybersecurity, privacy and the value of their data.
In the latest sorry debacle, Facebook has admitted that it harvested the email contact lists of some 1.5m users without their knowledge or consent when they set up their accounts.
‘These contacts were not shared with anyone and we’re deleting them’
Since May 2016, the social media juggernaut collected the contact lists of 1.5m users that were new to the social network.
According to Business Insider, which broke the story, the company said that the contacts were “unintentionally uploaded to Facebook” and that it is now deleting them.
Isn’t verification supposed to be about keeping you secure?
The breach was discovered by a security researcher who noticed that Facebook was asking people new to the network to verify their identities with their email address.
Once they did so, a message popped up saying Facebook was “importing” their contacts without asking for permission first.
The company has moved to close the loophole in yet another lamentable security misstep.
“Last month we stopped offering email password verification as an option for people verifying their account when signing up for Facebook for the first time,” it said in a statement.
“When we looked into the steps people were going through to verify their accounts we found that in some cases people’s email contacts were also unintentionally uploaded to Facebook when they created their account. We estimate that up to 1.5m people’s email contacts may have been uploaded.
“These contacts were not shared with anyone and we’re deleting them. We’ve fixed the underlying issue and are notifying people whose contacts were imported. People can also review and manage the contacts they share with Facebook in their settings.”