Facebook 'unintentionally' harvested email contacts from 1.5M users

Posted:
in General Discussion edited April 2019
Facebook on Wednesday confirmed that it "unintentionally uploaded" the email contacts of some 1.5 million users without their express consent since May 2016, a mistake for which the company is taking steps to correct.

Facebook
Source: Business Insider


A security researcher discovered the apparent error after finding Facebook requesting some users provide both an email and corresponding password to verify their identity when opening a new account, reports Business Insider.

Upon entering the information, the social network automatically imported contacts stored on an email provider's servers. The report suggests Facebook logged in to customer email accounts, pulled contact information and stored that data without first asking consent.

In a statement to the publication, Facebook said the email upload mechanism is a vestige of a bygone user experience feature. Prior to May 2016, a one-step sign-up process allowed users to both verify their identity and upload email contacts to the network. That service, along with text notifying users of the feature, were deprecated, but the automated contact upload function was not.

Facebook estimates up to 1.5 million users were impacted by the flaw.

"Last month we stopped offering email password verification as an option for people verifying their account when signing up for Facebook for the first time," a spokesperson said. "When we looked into the steps people were going through to verify their accounts we found that in some cases people's email contacts were also unintentionally uploaded to Facebook when they created their account."

In confirming the error, Facebook noted no contacts were shared and that it is in the process of deleting the gathered information. Users whose contacts were imported are being informed of the error.

"We've fixed the underlying issue and are notifying people whose contacts were imported. People can also review and manage the contacts they share with Facebook in their settings," the spokesperson said.

Today's revelation is only the latest in a string of user privacy-related snafus. The social network has been under intense scrutiny since the Cambridge Analytica fiasco, with subsequent investigative reports shedding light on the company's internal workings, from sloppy security policies to questionable data sharing practices.

Most recently, documents leaked from an ongoing court case show Facebook leveraged user data in dealings with partners, offering friends access to the information while withholding the same from perceived competitors.
watto_cobra

Comments

  • Reply 1 of 19
    65026502 Posts: 382member
    Facebook having a security breach is no longer a story. It's expected. I closed my account years ago and don't even miss it.
    chasmchiawatto_cobra
  • Reply 2 of 19
    FB cannot keep any data secure, it has more leaks than s sinking ship, yet unlike the ill-fated Titanic, FB magically stays afloat with most of its loyal followers rinsing onboard.  Bottom Line:  do not place any data or say anything on any social media that you would not want the world to know about.  
    wonkothesanecaladanianchiawatto_cobra
  • Reply 3 of 19
    KuyangkohKuyangkoh Posts: 838member
    Yeah right, un intentionally harvested? And my name is Elvis 🕺 
    dws-2larryjwwatto_cobra
  • Reply 4 of 19
    elijahgelijahg Posts: 2,848member
    As "unintentional" as Google's collecting of passwords it sniffed over WiFi, no doubt.
    caladanianmike54chiawatto_cobra
  • Reply 5 of 19
    chasmchasm Posts: 3,601member
    Unintentional in the sense that this used to be routine, and apparently they “forgot” to turn it off for new users. Oopsie.
    watto_cobra
  • Reply 6 of 19
    LordeHawkLordeHawk Posts: 168member
    Winding down a feature or a project usually involves some planning.  Depending on the type of shutdown, there’s hardware, API references, virtual machines, encryption keys, SSL certs, server side scripts, database connections, etc.

    So to be clear, Facebook dumps resources into new privacy destroying features but can’t be bothered with appropriate asset retirement.
    I work in cyber security and Facebook’s platform cannot be secure with legacy assets in play.  I would expect a serious hacking incident soon, as their attack surface is not properly managed.  The very best cyber security software cannot protect against ignorance and poor implementation.

    This might sound like common sense; do not but private things on Facebook, do not connect any financials, do not use the Sign in with Facebook option, and do not underestimate Facebook’s deplorable track record.
    eric deardorffcaladanianmike54chiawatto_cobra
  • Reply 7 of 19
    sflocalsflocal Posts: 6,136member
    FB cannot keep any data secure, it has more leaks than s sinking ship, yet unlike the ill-fated Titanic, FB magically stays afloat with most of its loyal followers rinsing onboard.  Bottom Line:  do not place any data or say anything on any social media that you would not want the world to know about.  
    Which is why I don’t see the big deal with FB’s data.  It’s all data that users post, most accessible by the public on some level so people making a fuss about this is strange.
  • Reply 8 of 19
    olsols Posts: 51member
    What are Facebook’s intentions looking at all the data breaches/mishaps over a period of the last 12 months and I feel that nobody in their consistent mind can take more of this. Isn’t it time to shut down this misled experiment for good perhaps by apple or on a state level?

    How many more issues need to occur until justice systems get involved?
    watto_cobra
  • Reply 9 of 19
    tobiantobian Posts: 155member
    I view this as a fault of email account provides. They should be able to identify, that logging into the account is made by an application, not user on it's portal.. and provide its own screen informing what app wants access to addresses, requesting an allowance.. like with the apps on our smartphone platforms.
    watto_cobra
  • Reply 10 of 19
    Johan42Johan42 Posts: 163member
    6502 said:
    Facebook having a security breach is no longer a story. It's expected. I closed my account years ago and don't even miss it.
    Too late. Your entire life has been compromised. Now you’ll have to live under a rock with a tinfoil hat on your head so the big bad aliens can’t find you to steal your job, riches, and privacy.
  • Reply 11 of 19
    sphericspheric Posts: 2,703member
    tobian said:
    I view this as a fault of email account provides. They should be able to identify, that logging into the account is made by an application, not user on it's portal.. and provide its own screen informing what app wants access to addresses, requesting an allowance.. like with the apps on our smartphone platforms.
    If YOU are foolish enough to supply somebody with your email account and password, it is the provider‘s responsibility to prevent them from logging in? 
    watto_cobra
  • Reply 12 of 19
    boboliciousbobolicious Posts: 1,175member
    ...for consideration an excerpt from 'Terms and Conditions May Apply' : www.youtube.com/watch?v=Yn0mglH7XLk
    edited April 2019
  • Reply 13 of 19
    macxpressmacxpress Posts: 5,940member
    I think we should just "unintentionally" intentionally shut down FaceBook. This is a horrible company and I don't know why people still continue to use this service. 
    watto_cobra
  • Reply 14 of 19
    sflocal said:
    FB cannot keep any data secure, it has more leaks than s sinking ship, yet unlike the ill-fated Titanic, FB magically stays afloat with most of its loyal followers rinsing onboard.  Bottom Line:  do not place any data or say anything on any social media that you would not want the world to know about.  
    Which is why I don’t see the big deal with FB’s data.  It’s all data that users post, most accessible by the public on some level so people making a fuss about this is strange.
    I’m not sure that’s accurate. My MIL, my mother and several of my friends are on Facebook. Part of the process involves access to their address book so Facebook can “help them get started” finding people they know. Well, I’m not on Facebook but my information is certainly in the address books of my friends and family members, that isn’t necessarily simply my name and email address either. I’ve seen my contact sheet on my MIL’s phone and it includes my physical address, my birthdate, my spouses and children’s names and other information that Facebook has no business knowing. 

    So, potentially, Facebook has data on me, compiled from multiple sources, that can be leaked or hacked or whatever and Facebook didn’t get it from me nor did I give them consent to use/collect it.

    Let’s not forget that Facebook also tracks people around the internet and their physical location as well. That certainly isn’t data that users post. 

    I do laugh, though, when I remember a few years ago the outrage that ensued when it was discovered that people’s iPhones kept map of where they had been in a hundred mile radius. Turned out it was to more quickly join Wi-Fi networks, if I recall correctly, and was data that stayed on the iPhone. I had several friends who were “upset” to find that out. But none of them seem to give a shit that Facebook records their physical location all the time and not for something as simple as connecting to Wi-Fi. Double standard much, people?
    MacProStrangeDayswatto_cobra
  • Reply 15 of 19
    spice-boyspice-boy Posts: 1,450member
    Ooops! Sorry, won't happen again until it happens again, 
    watto_cobra
  • Reply 16 of 19
    MacProMacPro Posts: 19,851member
    sflocal said:
    FB cannot keep any data secure, it has more leaks than s sinking ship, yet unlike the ill-fated Titanic, FB magically stays afloat with most of its loyal followers rinsing onboard.  Bottom Line:  do not place any data or say anything on any social media that you would not want the world to know about.  
    Which is why I don’t see the big deal with FB’s data.  It’s all data that users post, most accessible by the public on some level so people making a fuss about this is strange.
    I’m not sure that’s accurate. My MIL, my mother and several of my friends are on Facebook. Part of the process involves access to their address book so Facebook can “help them get started” finding people they know. Well, I’m not on Facebook but my information is certainly in the address books of my friends and family members, that isn’t necessarily simply my name and email address either. I’ve seen my contact sheet on my MIL’s phone and it includes my physical address, my birthdate, my spouses and children’s names and other information that Facebook has no business knowing. 

    So, potentially, Facebook has data on me, compiled from multiple sources, that can be leaked or hacked or whatever and Facebook didn’t get it from me nor did I give them consent to use/collect it.

    Let’s not forget that Facebook also tracks people around the internet and their physical location as well. That certainly isn’t data that users post. 

    I do laugh, though, when I remember a few years ago the outrage that ensued when it was discovered that people’s iPhones kept map of where they had been in a hundred mile radius. Turned out it was to more quickly join Wi-Fi networks, if I recall correctly, and was data that stayed on the iPhone. I had several friends who were “upset” to find that out. But none of them seem to give a shit that Facebook records their physical location all the time and not for something as simple as connecting to Wi-Fi. Double standard much, people?
    100% agree.  It wouldn't be quite so bad if like Google FB was just using this information to make money from 'you the product' but the way FB has been used by third parties to influence the minds of the already incredibly gullible user base is like something out of a dystopian science fiction movie.  It has literally been responsible for unimaginable horrors and countless wars around the world and huge political upheavals and lurches to the extreme right in many countries.  It isn't FB doing this but it is FB providing the tools for those perpetrating these machinations. These players clearly include states as well as extremist groups. People using FB, for the most part, are like sheep and to mix my sayings these sheep look to FB as their Piped Piper.
    edited April 2019 watto_cobra
  • Reply 17 of 19
    65026502 Posts: 382member
    Johan42 said:
    6502 said:
    Facebook having a security breach is no longer a story. It's expected. I closed my account years ago and don't even miss it.
    Too late. Your entire life has been compromised. Now you’ll have to live under a rock with a tinfoil hat on your head so the big bad aliens can’t find you to steal your job, riches, and privacy.
    Where can I buy tin foil? They seem to only sell aluminum foil in stores. Will that work too?
    watto_cobra
  • Reply 18 of 19
    StrangeDaysStrangeDays Posts: 13,103member
    sflocal said:
    FB cannot keep any data secure, it has more leaks than s sinking ship, yet unlike the ill-fated Titanic, FB magically stays afloat with most of its loyal followers rinsing onboard.  Bottom Line:  do not place any data or say anything on any social media that you would not want the world to know about.  
    Which is why I don’t see the big deal with FB’s data.  It’s all data that users post, most accessible by the public on some level so people making a fuss about this is strange.
    No it isn't (all user posts). The data includes phone numbers, emails, third-party app data that use FB for various backend systems, user demographics & interests, and the contents of FB user's smartphone contacts, which can includes people not even on FB! All of which should be adequately safeguarded, but isn't.

    Sorry, but that's a naive view of what data FB has.
    edited April 2019 watto_cobra
  • Reply 19 of 19
    sphericspheric Posts: 2,703member
    6502 said:
    Johan42 said:
    6502 said:
    Facebook having a security breach is no longer a story. It's expected. I closed my account years ago and don't even miss it.
    Too late. Your entire life has been compromised. Now you’ll have to live under a rock with a tinfoil hat on your head so the big bad aliens can’t find you to steal your job, riches, and privacy.
    Where can I buy tin foil? They seem to only sell aluminum foil in stores. Will that work too?

    watto_cobra
Sign In or Register to comment.