Facebook Collected and Uploaded 1.5 Million People’s Email Contacts Without their Knowledge

Facebook revealed that it has harvested and uploaded 1.5 million users email contacts who sign up for the social network since 2016.

The email address was scrapped when Facebook asks users to enter their passwords who signed up for new accounts to verify their identities.

Facebook Spokesperson confirmed that, 1.5 million people’s contacts were collected this way, and fed into Facebook’s systems, where they were used to build Facebook’s web of social connections and recommend friends to add.

It was still unknown whether these contacts are used for ad-targeting purposes. Facebook says the data was “unintentionally uploaded to Facebook,” and now deleting them reported Businessinsider.

The social media giant said that they didn’t realize the activity up to April of this year and starting from last month the company stopped offering email password as a verification option.

Facebook said that the data was mistakenly collected and has not been shared with anyone outside of Facebook. The social media giant preparing to notify all the affected 1.5 million users.

This incident indicates, once again Facebook failed in protecting the user data, they stored hundreds of millions of users password in plain text instead of masking it as a human-readable format.

Starting this month, upguard found third-party Facebook app datasets that include comments, likes, reactions, account names, FB IDs exposed to the public Internet.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

North Korean Hackers Use Social Engineering and Python Scripts to Execute Stealthy Commands

North Korean threat actors have demonstrated their adept use of social engineering techniques combined with…

8 minutes ago

Gcore Super Transit Brings Advanced DDoS Protection and Acceleration for Superior Enterprise Security and Speed

Gcore, the global edge AI, cloud, network, and security solutions provider, has launched Super Transit,…

4 hours ago

Windows Active Directory Vulnerability Enables Unauthorized Privilege Escalation

Microsoft has urgently patched a high-risk security vulnerability (CVE-2025-29810) in Windows Active Directory Domain Services…

4 hours ago

Adobe Security Update: Patches Released for Multiple Product Vulnerabilities

Adobe has announced critical security updates for several of its popular software products, addressing vulnerabilities…

4 hours ago

HollowQuill Malware Targets Government Agencies Globally Through Weaponized PDF Documents

In a disturbing escalation of cyber threats, a new malware campaign dubbed 'HollowQuill' has been…

5 hours ago

New Mirai Botnet Variant Exploits TVT DVRs to Gain Admin Control

GreyNoise has noted a sharp escalation in hacking attempts targeting TVT NVMS9000 Digital Video Recorders…

6 hours ago