Add another debacle to the long list of Facebook's privacy snafus: The company reportedly obtained and uploaded email contacts of 1.5 million users -- without asking them first.
The company says it used the information to improve ads and suggest friends. News of the uploads was first reported Wednesday by Business Insider.
Facebook says the contact-scraping -- which began in May of 2016 -- was unintentional. “These contacts were not shared with anyone and we're deleting them,” the company stated Thursday. “We've fixed the underlying issue and are notifying people whose contacts were imported.”
The company obtained the information about email contacts when it asked some new users to provide an email password, in order to verify their identities. (In the past, that was one of the verification options offered by Facebook.)
Facebook adds that it previously told people how it would use their email contacts, but removed that language after redesigning a sign-up procedure in May of 2016.
Intentional or not, the news shows that for Facebook -- already facing the prospect of billions in fines from the Federal Trade Commission over privacy violations -- privacy remains an afterthought, at best.
The news is especially striking given that Facebook itself was previously involved in litigation over address-book uploads. Back in 2012, security researchers accused a host of developers -- including mobile network Path (subsequently acquired by Kong Technologies), Foodspotting, Foursquare Labs, Gowalla (acquired by Facebook in 2011), Instagram (acquired by Facebook in 2012), Kik Interactive, Twitter and Yelp -- of uploading and storing users' address books.
Most of those developers reportedly asked people for permission to access their address books, but didn't say they would keep the data in their servers.
A class-action lawsuit against the developers resulted in a $5 million settlement agreement in 2017.