Facebook Has “Unintentionally” Stored Email Contact Lists of 1.5 Million Users

Last updated July 12, 2021
Written by:
Bill Toulas
Bill Toulas
Cybersecurity Journalist
Image Credits: Brian Solis / Image Source: commons.wikimedia.org

In the start of April, we reported on how Facebook was asking new users for their email passwords as a verification step for the creation of their accounts. The public backlash from the revelation was once again a notable one, and Facebook admitted that it was a wrong method and assured the world that this information was not stored in their servers anyway. According to a piece published by Business Insider, however, they simply lied. Facebook did store the lists of contacts of all the people who authenticated themselves on the platform via email password handover, and that’s about 1.5 million users.

A Facebook spokesperson has clarified that this whole contact list importation and storage happened by mistake, and remained on the company’s servers for three years unintentionally. The social media platform was popping a message saying “importing your contacts” upon the entering of the personal email password, but there was no permission dialog, nor a way to stop it once the procedure was launched. Most of the people who willy-nilly entered the password of their personal email accounts on Facebook didn’t even notice or care about that little detail anyway.

facebook_authenticating

"We are importing your contacts list, and there's nothing you can do about it. On a side note, you got yourself authenticated, so cheer up!"
Image source: businessinsider.in

Facebook has probably used the contact lists to improve their ad-targeting functionality, as well as to push more relevant "friend recommendations". However, representatives of the tech giant claim that this type of information was kept away from their algorithms since 2016, so the data remained dormant and allegedly forgotten. Since it’s the contacts list of 1.5 million users we’re talking about, Facebook must have gathered the data of a jaw-dropping number of people who never consented to have their names and other personally identifiable information on Facebook’s servers, let alone be used for ad targeting.

Facebook has stopped offering the option of email password verification and has now started deleting whatever contacts lists are stored on their servers. However, even if this was indeed an accidental and unintended action, it has become impossible for even those with the best intentions to believe them. In the year 2019, and with the media having to report serious security and user data mishaps concerning Facebook every week, one wonders how many billions of people are still weighing their data and privacy lighter than their presence in the world’s largest social media network.

Since you still are though, we are keeping our Facebook and Twitter communities up, helping you grab the news while they are still fresh, as well as letting you share your thoughts with others. Also, don’t forget that you can leave your comments down below.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: