Facebook may have hoovered up 1.5 million users' email contacts without permission  - facebook confirm password - Facebook hoovered up 1.5 million users’ email contacts without permission… “unintentionally”

For such an allegedly smart , Facebook doesn’t half do some dumb things.

Kudos to the team at Business Insider who were as bewildered as the rest of us as to why Facebook was asking some users to hand over the password of their email account, but also noted that the site appeared to then be scooping up users’ address books without requesting prior permission.

Facebook may have hoovered up 1.5 million users' email contacts without permission  - uploading contacts - Facebook hoovered up 1.5 million users’ email contacts without permission… “unintentionally”
As -savvy folks around the world reacted with a mixture of shocked headlines and shrugs of resignation (this was Facebook, after all), the social network said that it would be discontinuing the feature.

Business Insider, however, went one step further and asked Facebook just how many users had their email contacts uploaded through the mechanism.

Facebook’s response to the question from Business Insider is rather shocking – up to 1. million users.

Last month we stopped offering email password verification as an option for people verifying their account when signing up for Facebook for the first time. When we looked into the steps people were going through to verify their accounts we found that in some cases people’s email contacts were also unintentionally uploaded to Facebook when they created their account. We estimate that up to 1.5 million people’s email contacts may have been uploaded. These contacts were not shared with anyone and we’re deleting them. We’ve fixed the underlying issue and are notifying people whose contacts were imported. People can also review and manage the contacts they share with Facebook in their settings.”

Considering how many names and addresses the typical person has in their email address book, that could mean that Facebook stole (Yes, it was stealing. They didn’t have permission) the contact details of hundreds of millions of people.

I wonder how the authorities and regulators might view Facebook’s lax behaviour around its users’ private . And I wonder if Facebook would even have admitted the details of what happened if they hadn’t been pressed by journalists.

And if Facebook can “unintentionally” make a huge mistake like this, I wonder what other unintentional boo-boos it can make.

And how much longer people will put up with it.

Remember, if security researchers and journalists hadn’t pointed out this problem, Facebook would still be doing it. Who wants to make a bet as to when the next Facebook privacy scandal pops up?

We put together a “Smashing Security” podcast where we describe how to quit Facebook and offer some techniques for people who are fearful of going cold turkey.

- aa9ea0686c5d1aa9086d4b12c3aa05f2 s 80 d mm r g - Facebook hoovered up 1.5 million users’ email contacts without permission… “unintentionally”

About the author, Graham Cluley

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.

Follow him on Twitter at @gcluley, or drop him an email.

Follow @gcluley





Source link

No tags for this post.

LEAVE A REPLY

Please enter your comment!
Please enter your name here