Email contacts of new Facebook users have been "unintentionally uploaded" since May 2016, with the total count amounting to 1.5 million.
This has been going on for the past three years, and the users signing up weren't informed about it and, thus, didn't give their consent.
Facebook's Accidental Upload
As reported by Business Insider, a security researcher unearthed the practice when they found out that Facebook was asking new users to enter the passwords of their emails upon signing up for verification purposes.
"When we looked into the steps people were going through to verify their accounts we found that in some cases people's email contacts were also unintentionally uploaded to Facebook when they created their account," a Facebook spokesperson told the news outlet.
Business Insider then discovered that once an email password has been entered, a message would pop up and say it was "importing" their contacts, all of which happened without permission from the user.
What Was Facebook's Motive?
A spokesperson for Facebook has confirmed to Business Insider that the 1.5 million email contacts were harvested through this method.
According to them, the company did this not only to help build the company's web of social connections and recommend more friends to add, but it also did it to improve its ad targeting.
Facebook's Response To The Privacy Blunder
Facebook explains that it rolled out an option that allowed users to verify their accounts and upload their contacts as well in one go before May 2016. Eventually, it was updated in which the text that told users about the process of importing contacts was removed but the functionality wasn't.
The spokesperson also made it clear that the company didn't access the users' email contents.
Facebook intends to delete all the contacts it accidentally gathered and inform everyone that was affected by the issue. It has also fixed the problem so that others won't fall victim to it moving forward.