Facebook 'unintentionally' Harvests up to 1.5 Million Email and Password Details


Facebook has admitted to ‘unintentionally’ harvesting, without their permission, the email contacts of up to 1.5 million new users who were signing up to the social network, according to reports.


Business Insider first broke the story, which detailed the collection of unwitting users’ email addresses from May of 2016. According to BI, “a security researcher noticed Facebook was asking some new users to provide their email passwords when they signed up - a move widely condemned by security experts.”

Reports state that this affected new users of the site, who were shown a pop-up window asking them to enter their email and password details.

“If you entered your email password, a message popped up saying it was ‘importing’ your contacts without asking for permission first.”

Once the contacts were imported, Facebook would be able to map out the social and personal connections between users of the service more precisely, analysts say. Facebook maintains that the data collected was not shared with any third parties.

A Facebook spokesperson failed to put a concrete figure on the total number of contact details obtained through this window, but the company has issued a statement in response to the news, outlining that the feature was originally designed to verify new accounts. Facebook says it is now in the process of deleting the data, and that it was “unintentionally uploaded to Facebook.”

“Last month we stopped offering email password verification as an option for people verifying their account when signing up for Facebook for the first time. When we looked into these steps people were going through to verify their accounts we found that in some cases people’s email contacts were also unintentionally uploaded to Facebook when they created their account.”

The social media giant also says that it has patched the “underlying issue” that led to the initial problem.

“We estimate that up to 1.5 million people’s email contacts may have been uploaded. These contacts were not shared with anyone and we’re deleting them. We’ve fixed the underlying issue and are notifying people whose contacts were imported. People can also review and manage the contacts they share with Facebook in their settings,” the statement concluded.


© 2019 by Best Practice
