Source: Anthony Quintano, Flikr| CC BY 2.0 | Cropped & Resized

It seems Facebook just can’t stop screwing up and messing around with user data. This time, the social network has confirmed a report that suggested the company uploaded over 1.5 million email addresses from users’ contact lists.

Business Insider yesterday reported Facebook has uploaded the contact lists without permission when users signed up for the service since May 2016.

The activity was spotted by a security research who noted Facebook wanted users to enter their email password when creating a new account. If the user agreed, the network would notify with a “importing your contacts”.

There was no way to opt out from this stage. Worse, it seems Facebook was doing this on purpose. As soon as the process was complete, the company deleted the notification. However, engineers for the network forgot to remove the underlying code.

Confirmation

In response to the report, Facebook issued a statement. The company says it stopped its email verification method last month and is now deleting the uploaded contact information.

“Last month we stopped offering email password verification as an option for people verifying their account when signing up for Facebook for the first time. When we looked into the steps people were going through to verify their accounts we found that in some cases people’s email contacts were also unintentionally uploaded to Facebook when they created their account.

“We estimate that up to 1.5 million people’s email contacts may have been uploaded. These contacts were not shared with anyone and we’re deleting them. We’ve fixed the underlying issue and are notifying people whose contacts were imported. People can also review and manage the contacts they share with Facebook in their settings.”

Speaking to BI, the company said the information was used for recommending friends to users. However, it also said the uploaded content was used to “improve ads”.