Facebook recently stated that the company has stopped using email password verification as a method to verify users when they first signed up for Facebook. As it turns out, the email contacts of 1.5 million people have been uploaded to Facebook through this method.
Facebook clarifies that these contacts were not shared with anyone and that the social media platform is in the process of deleting them. It will also notify users that are affected by this issue.
According to Business Insider, a security researcher first noticed that Facebook was asking some users to enter the password for their emails during the signup process. Once they complied, it will then lead to a popup message that said “importing“, without prompting you for permission. The email contacts were apparently used to build Facebook’s social connections and to recommend friends for users to add.
This incident is yet another example of questionable privacy policies that Facebook might have practised. Prior to this, it has also been revealed that the company was saving user passwords in plain text, as well as sharing user data with other companies.
(Source: Business Insider.)