Facebook Harvested Over 1.5 Million Users’ Email Password Without Their Consent

Facebook has been harvesting the personal information of more than 1.5 million accounts when they first sign up for it since May 2016.

This information came out after e-sushi, a pseudonymous security researcher, found out that Facebook asked some new users to reveal their email password to verify their account. This is one of the acts that has been considered a red flag by security experts. And when people enter the password, there will be a message saying that your information is being imported without you giving your consent.

At first, no one knows why what happened then but after that, Facebook confessed that it uploaded the data to its system to enhance its ability to target advertisements as well as friend recommendations.

In May 2016, Facebook’s representative announced that users could verify their accounts by giving away their email password. The company had changed that, and the message in question was gone; however, they still kept the practice. About the concerns of whether Facebook used the passwords it harvested to access unauthorizedly to users’ emails, the spokesperson denied and said that the company did not do such a thing.
The number 1.5 million users are just those whose contact information was harvested directly, the number of people Facebook has had access to information can be much more than this, because each person may have hundreds of other contacts stored in their email accounts. When asked about the total number obtained in the second way, the representative could not be more specific and provided an accurate figure.

Facebook Did Not Ask For Users’ Permission Before Harvesting Their Data

The picture below is the window asking users to enter their email password when they sign up. When they are done and click on “connect,” Facebook will start taking data without asking for users’ consent first.

When you have chosen to “connect,” there will be a box popping up telling you that it is “importing contacts.” When Facebook is in the middle of the process, users do not have the choice to cancel or stop it.

From One Scandal To Another

In the last two years, the social network has been continuously under fire and criticism regarding the way it handles users’ sensitive personal data. In the first few months of 2018, the Cambridge Analytica scandal put the company from one trouble to another. It even brought Mark Zuckerberg to courts for a few times. After the news broke out, it came to the public notice that the political firm had had their hands on the information of tens of millions of users using Facebook.

When our memory of the Cambridge Analytica scandal was still fresh, another incident was leaked, revealing that Facebook had been storing users’ password in plain texts, a practice not recommended by security experts. The number of people involved reached hundreds of millions. In the next few days, the company will notify people who are affected by this latest data breach and then remove the information it has harvested from its system.

In the latest statement made by Facebook’s representative, the company no longer used email’s password as a way to verify users’ accounts when they first register. They had also look through all the steps people have to take to sign up, and they found out that sometimes such sensitive information is uploaded unintentionally. The spokesperson also confirmed that these data were not leaked anywhere else, 1.5 million people affected would be notified, and they are deleting the information out of their system. If users wanted to see what information they had shared with the social network, they could check in the setting section.