Facebook Caught Scraping 1.5 Million Users' Contacts

Add another debacle to the long list of Facebook's privacy snafus: The company reportedly obtained and uploaded email contacts of 1.5 million users -- without asking them first.

The company says it used the information to improve ads and suggest friends. News of the uploads was first reported Wednesday by Business Insider.

Facebook says the contact-scraping -- which began in May of 2016 -- was unintentional. “These contacts were not shared with anyone and we're deleting them,” the company stated Thursday. “We've fixed the underlying issue and are notifying people whose contacts were imported.”

The company obtained the information about email contacts when it asked some new users to provide an email password, in order to verify their identities. (In the past, that was one of the verification options offered by Facebook.)

Facebook adds that it previously told people how it would use their email contacts, but removed that language after redesigning a sign-up procedure in May of 2016.

Intentional or not, the news shows that for Facebook -- already facing the prospect of billions in fines from the Federal Trade Commission over privacy violations -- privacy remains an afterthought, at best.

The news is especially striking given that Facebook itself was previously involved in litigation over address-book uploads. Back in 2012, security researchers accused a host of developers -- including mobile network Path (subsequently acquired by Kong Technologies), Foodspotting, Foursquare Labs, Gowalla (acquired by Facebook in 2011), Instagram (acquired by Facebook in 2012), Kik Interactive, Twitter and Yelp -- of uploading and storing users' address books.

Most of those developers reportedly asked people for permission to access their address books, but didn't say they would keep the data in their servers.

A class-action lawsuit against the developers resulted in a $5 million settlement agreement in 2017.

3 comments about "Facebook Caught Scraping 1.5 Million Users' Contacts".
Check to receive email when comments are posted.
  1. Thom Kennon from Free Radicals, April 19, 2019 at 10:04 a.m.

    Yeah, but it's not a "privacy snafu" - it's their business model. Their only snafus are getting caught.

  2. Yung Chung from Order, April 19, 2019 at 11:49 a.m.

    You have made the following changes to your USDA Office of Communications subscriptions:

    You subscribed to topics:

    You will receive an email update when new information becomes available.

  3. Paula Lynn from Who Else Unlimited, April 19, 2019 at 12:13 p.m.

    fbeast may be too far gone to be fixed and should be scrapped. Then there will be "room" for competitors who have learned something and do better. When then are beyond fixing, the circle starts again.

Next story loading loading..