Facebook said on Wednesday it may have uploaded email contacts of 1.5 million new users since May 2016, in what seems to be the latest privacy-related issue faced by the social media company.
In March, Facebook had stopped offering email password verification as an option for people who signed up for the first time, the company said. There were cases in which email contacts of people were uploaded to Facebook when they created their account, the company said.
“We estimate that up to 1.5 million people’s email contacts may have been uploaded. These contacts were not shared with anyone and we are deleting them,” Facebook said, adding that users whose contacts were imported will be notified.
The underlying glitch has been fixed, according to the company.
The privacy breach came to light when a security researcher questioned why Facebook was asking for email passwords when new users signed up with the platform.
Facebook has lost significant user trust in recent months. On Tuesday, NBC reported that it had leaked documents showing that "Mark Zuckerberg leveraged Facebook user data to fight rivals and help friends." The 4,000 pages of internal documents implicated Zuckerberg as well as Facebook's board and senior management in finding "ways to tap Facebook’s trove of user data — including information about friends, relationships and photos — as leverage over companies it partnered with. In some cases, Facebook would reward favored companies by giving them access to the data of its users. In other cases, it would deny user-data access to rival companies or apps."
Last month, Facebook "admitted exposing passwords belonging to hundreds of millions of users... storing them in a readable format within its internal data storage systems." This resulted in the passwords being searchable by employees. But on Thursday, Facebook siad that it estimated that "millions" of Instagram users were affected by the lapse, instead of the "hundreds of millions" of Facebook Lite users and millions of Facebook users.
A week ago, the U.K. announced proposals for "tough new measures to ensure the U.K. is the safest place in the world to be online," claiming these to be the world's "first online safety laws." The proposals included independent regulation with enforcement powers, and, critically, the potential for both social media companies and their execs to be held to account.
Last year, Facebook came under fire following revelations that Cambridge Analytica, a British political consulting firm, obtained personal data of millions of people’s Facebook profiles without their consent.
The company has also been facing criticism from lawmakers across the world for what has been seen by some as tricking people into giving personal data to Facebook and for the presence of hate speech and data portability on the platform.