Serviceteam IT Security News

Since 2016, Facebook has reportedly harvested email contacts of 1.5 million users without their consent. According to Business Insider, the media outlet that broke the story, the company had been collecting the contact lists of new users since May 2016. 

In a statement, Facebook confirmed that it had been unintentionally uploading this data when people were verifying their accounts. 

“Last month we stopped offering email password verification as an option for people verifying their account when signing up for Facebook for the first time,” said the statement. “When we looked into the steps people were going through to verify their accounts we found that in some cases people’s email contacts were also unintentionally uploaded to Facebook when they created their account.

“We estimate that up to 1.5 million people’s email contacts may have been uploaded. These contacts were not shared with anyone and we’re deleting them. We’ve fixed the underlying issue and are notifying people whose contacts were imported. People can also review and manage the contacts they share with Facebook in their settings.”

According to Business Insider, a security researcher realized that Facebook was asking some users to “enter their email passwords when they signed up for new accounts to verify their identities.” The outlet then discovered that when a user entered their email password, “a message popped up saying it was ‘importing’ contacts, without asking for permission first.”

A Facebook spokesperson also confirmed that these contacts were uploaded into Facebook’s systems, where they were used to build “Facebook’s web of social connections” and recommend friends. 

It’s not known if these contacts were also used for ad-targeting purposes, similar to that of the Cambridge Analytica scandal that happened last year. The exposé, which was released by The Observer, had led to Facebook having to answer questions to the US Senate and the UK government. 

Infosecurity Magazine reported that at the beginning of April, over half a billion personal Facebook records were publicly exposed to the internet by two third-party app developers. UpGuard claimed to have found the two datasets stored in Amazon S3 buckets, which were configured to allow public download of files.

“The data exposed in each of these sets would not exist without Facebook, yet these data sets are no longer under Facebook’s control. In each case, the Facebook platform facilitated the collection of data about individuals and its transfer to third parties, who became responsible for its security,” explained UpGuard.

In regards to the latest data mishap, Facebook plans to notify the 1.5 million users affected and delete their contacts from the company’s systems.

Source: Infosecurity Magazine

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!