Facebook “unintentionally uploaded” the email contacts of 1.5 million users without their knowledge or consent when they first opened their accounts.
Since May 2016, new users to the social media site were asked to verify accounts with their email passwords when they signed up. Facebook then imported users’ contacts without first asking permission, Business Insider reported.
A Facebook spokesperson told FOX Business that the company was deleting the contact data. The spokesperson also said Facebook did not access the content of users’ emails, nor did they share the information with anyone.
Facebook has since discontinued the email password verification requirement.
"We've fixed the underlying issue and are notifying people whose contacts were imported," the spokesperson said.
One day later, during the long-awaited release of the Mueller report, Facebook revealed in a blog post that it had stored millions of user passwords unencrypted on its servers. When the company initially addressed the problem late last month, it said tens of thousands of Instagram users would be impacted; now, it's saying it could affect millions of users.
"Our investigation has determined that these stored passwords were not internally abused or improperly accessed," the blog said.
It’s the latest privacy misstep for Facebook, which has faced a slew of controversies over the past year, including a scandal in which the British consulting firm Cambridge Analytica gathered personal information from 87 million without their consent.