For social giant Facebook, there is no need to be shocked, no matter what happens, for example, a new report claims that Facebook secretly collects 1.5 people’s email contacts.
Security researcher e-sushi, after perceiving this clue, questioned on the social platform, noting that Facebook asked users to enter their email password to verify their identity when registering for a new account. This move has been widely condemned by security experts.
Hey @facebook, demanding the secret password of the personal email accounts of your users for verification, or any other kind of use, is a HORRIBLE idea from an #infosec point of view. By going down that road, you're practically fishing for passwords you are not supposed to know! pic.twitter.com/XL2JFk122l
— e-sushi (@originalesushi) March 31, 2019
A Facebook spokesperson announced that it “offered an option to verify a user’s account using their email password and voluntarily upload their contacts at the same time. However, they said, the company changed the feature, and the text informing users that their contacts would be uploaded was deleted — but the underlying functionality was not” before May 2016, and subsequently said that the feature was changed and notified users that the uploaded contacts will be deleted, but in fact, the feature not canceled.
Facebook currently plans to notify the affected 1.5 million users in the next few days and remove their contacts from the system. Here is the full text of Facebook’s statement on this incident:
“Last month we stopped offering email password verification as an option for people verifying their account when signing up for Facebook for the first time. When we looked into the steps people were going through to verify their accounts we found that in some cases people’s email contacts were also unintentionally uploaded to Facebook when they created their account. We estimate that up to 1.5 million people’s email contacts may have been uploaded. These contacts were not shared with anyone and we’re deleting them. We’ve fixed the underlying issue and are notifying people whose contacts were imported. People can also review and manage the contacts they share with Facebook in their setting.”