Facebook has been recently involved in another password-related mess.
As reported by Business Insider, the social media large unknowingly uploaded the e-mail contacts of one.5 million users United Nations agency had simply signed up to the network.
The issue stems from when Facebook asked new users for their email passwords at sign-up, an odd request by a cyber-security researcher by the name of “e-sushi.”
Facebook ended the practice shortly after it was called out on it, but it turns out users who had entered their passwords likely had their contacts scraped anyway without their permission. The company said it is in the process of deleting the contacts.
“Last month we stopped offering email password verification as an option for people verifying their account when signing up for Facebook for the first time,” statement said by Facebook spokesperson.
“When we looked into the steps people were going through to verify their accounts we found that in some cases people’s email contacts were also unintentionally uploaded to Facebook when they created their account. We estimate that up to 1.5 million people’s email contacts may have been uploaded.
“These contacts were not shared with anyone and we’re deleting them. We’ve fixed the underlying issue and are notifying people whose contacts were imported. People can also review and manage the contacts they share with Facebook in their settings.”
It follows the revelation that Facebook stored hundreds of millions of passwords in plain text, although the company said there was no evidence the passwords were “abused or improperly accessed.”