geoff@iconia.com
Date: Thu, 18 Apr 2019 08:05:53 -1000
EXCERPT:
Facebook has admitted to `unintentionally' uploading the address books of
1.5 million users without consent, and says it will delete the collected
data and notify those affected.
https://www.theguardian.com/technology/facebook
The discovery follows criticism of Facebook by security experts for a feature that asked new users for their email password as part of the sign-up process. As well as exposing users to potential security breaches, those who provided passwords found that, immediately after their email was verified, the site began importing contacts without asking for permission.
Facebook has now admitted it was wrong to do so, and said the upload was inadvertent. ``Last month we stopped offering email password verification as an option for people verifying their account when signing up for Facebook for the first time,'' the company said. ``When we looked into the steps people were going through to verify their accounts we found that in some cases people's email contacts were also unintentionally uploaded to Facebook when they created their account, We estimate that up to 1.5 million people's email contacts may have been uploaded. These contacts were not shared with anyone and we're deleting them. We've fixed the underlying issue and are notifying people whose contacts were imported. People can also review and manage the contacts they share with Facebook in their settings.''
The issue was first noticed in early April, when the Daily Beast reported on Facebook's practice of asking for email passwords to verify new users. The feature, which allows Facebook to automatically log in to a webmail account to effectively click the link on an email verification itself, was apparently intended to smooth the workflow for signing up for a new account. https://www.thedailybeast.com/beyond-sketchy-facebook-demanding-some-new-users-email-passwords
But security experts said the practice was `beyond sketchy', noting that it gave Facebook access to a large amount of personal data and may have led to users adopting unsafe practices around password confidentiality. The company was ``practically fishing for passwords you are not supposed to know,'' according to cybersecurity tweeter e-sushi who first raised concern about the feature, which Facebook says has existed since 2016... https://twitter.com/originalesushi%3Flang%3Den
https://www.theguardian.com/technology/2019/apr/18/facebook-uploaded-email-contacts-of-15m-users-without-consent