Is your data safe with Facebook?
After getting caught storing “hundreds of millions” of account passwords in plain text last month — a flabbergasting breach of good data security practices — Facebook has been busted in another security snafu, admitting yesterday that it “unintentionally uploaded” email contacts of some 1.5 million new users since May 2016, Business Insider reports.
The extent of the damage caused by the glitch is still unclear, but Facebook says it’s fixed the problem.
Business Insider first discovered the glitch, which caused Facebook to collect email contacts of newly signed-up users without their consent. Security researcher e-sushi first uncovered the glitch.
Hey @facebook, demanding the secret password of the personal email accounts of your users for verification, or any other kind of use, is a HORRIBLE idea from an #infosec point of view. By going down that road, you're practically fishing for passwords you are not supposed to know! pic.twitter.com/XL2JFk122l
— e-sushi (@originalesushi) March 31, 2019
It’s a damning revelation — and Facebook fell short, as usual, of a particularly convincing mea culpa.
“Last month we stopped offering email password verification as an option for people verifying their account when signing up for Facebook for the first time,” a statement from Facebook read, as quoted by Business Insider.
READ MORE: Facebook says it ‘unintentionally uploaded’ 1.5 million people’s email contacts without their consent [Business Insider]
More on Facebook leaks: Facebook Stored “Hundreds of Millions” of Passwords as Plain Text