Once again, further Facebook chaos makes it into the news that truly annoys many legit users. While Facebook already lost its credibility with the public due to its ongoing suspicious activities with users’ data, here comes another blow to their reputation. As confessed by the tech giant itself, Facebook harvested contacts from users’ emails without informing them. This activity allegedly affected 1.5 million accounts.
Facebook Harvested Contacts From User Emails
As disclosed by Business Insider, quoting a Facebook spokesperson, the tech giant was found guilty of another breach of users’ privacy. Allegedly, Facebook harvested contacts from users’ email accounts without any prior notice or permission.
Earlier this month, a researcher with the alias e-sushi on Twitter highlighted some strange Facebook activity. He pointed out that Facebook demanded users’ sign up to the platform to share their email passwords.
Hey @facebook, demanding the secret password of the personal email accounts of your users for verification, or any other kind of use, is a HORRIBLE idea from an #infosec point of view. By going down that road, you're practically fishing for passwords you are not supposed to know! pic.twitter.com/XL2JFk122l
— e-sushi (@originalesushi) March 31, 2019
While things appeared a bit shady regarding Facebook’s intention behind this move, it now seems clear. According to the Business Insider report, Facebook actually collected users’ contacts from their email accounts without asking or informing the users. The activity has been going on since 2016 and allegedly affected 1.5 million user accounts.
Why Did They It All?
Facebook already has a pretty bad reputation for being unreliable when it comes to users’ privacy. This activity of gathering users’ email contacts forcefully is just a further addition. The platform seemingly offered an option to the registering user to upload contacts and verify their email accounts at the same time. However, the notification alerting users about the contact import feature was later removed, leaving behind the functionality with no apparent hint. As a result, right after a user clicked on the ‘blue’ button, Facebook would start importing contacts right away.
Stating about Facebook’s intention behind this act according to Facebook spokesperson, Business Insider stated,
“Facebook disclosed to Business Insider that 1.5 million people’s contacts were collected this way and fed into Facebook’s systems, where they were used to improve Facebook’s ad targeting, build Facebook’s web of social connections, and recommend friends to add.”
Facebook’s own confession for pretty shady activity breaching users’ privacy doesn’t seem normal. Probably, they are trying to pose as ‘honest’. However, no one can justify these weird activities by a tech giant.
Facebook stated the following:
“Last month we stopped offering email password verification as an option for people verifying their account when signing up for Facebook for the first time. When we looked into the steps people were going through to verify their accounts we found that in some cases people’s email contacts were also unintentionally uploaded to Facebook when they created their account.”
After this revelation, Facebook plans to delete all the data ‘unintentionally’ collected from users’ email accounts.
“We estimate that up to 1.5 million people’s email contacts may have been uploaded. These contacts were not shared with anyone and we’re deleting them.”
In addition, Facebook will also notify the impacted 1.5 million users of this incident.
According to experts, Facebook will have violated American and European laws through this sheepish data exfiltration.
Take your time to comment on this article.
Latest posts by Abeerah Hashim (see all)
- Researcher Hacked Tesla Model X Demonstrating Keyless Entry System Vulnerability - November 25, 2020
- GitHub Patched A Vulnerability Months After Google’s Report - November 25, 2020
- Bug in Twitter Fleets Where Posts Remain Visible - November 24, 2020