18 April 19, 12:39
(This post was last modified: 18 April 19, 12:40 by silversurfer.)
Quote:Facebook "unintentionally" uploaded and stored email contact information belonging to roughly 1.5 million users over the course of three years.
The issue came to light after a security researcher notified the social media giant of a controversial verification system implemented for some users, in which they were asked to provide their email address credentials.
A practice woeful in itself and one that Facebook said that in hindsight was "not the best way" to go about verification, despite the company's promise to stop asking for these details, the security ramifications, it seems, went even deeper than first reported.
According to Business Insider, some of the users attempting to sign up for the first time who were asked for their email credentials would also see a pop-up message which notified the individual that their email contacts were being "imported" for the purposes of building up social connections.
Asking for the key to an email account for verification purposes on a third-party domain is bad enough and is not recommended in the interests of security. However, harvesting contact data contained in these accounts -- without consent -- is even worse.
A Facebook spokesperson said roughly 1.5 million users were involved and the upload of such information first began in May 2016.
Impacted users will be notified over the coming days and the social network is actively deleting their email contact information from internal systems.
SOURCE: https://www.zdnet.com/article/facebook-h...ermission/
![[-]](https://www.geeks.fyi/images/collapse.png)
