Facebook has admitted that it “unintentionally” uploaded the email contact lists of over 1.5 million of its users without permission, according to Business Insider.
The data was harvested through a system that verified the identity of new users, which asked them to supply the email password and made a copy of their contacts.
Facebook said it has now changed the way it handles new users and that all the users whose contacts were taken would be notified, while the contacts would be deleted.
The information could have been used by Facebook to map users’ social and personal connections.
The collection of contacts started in 2016, and the company’s spokesperson could not provide a figure for the total number of contacts collected through the practice, but it could be as many as hundreds of millions as many people may have had hundreds of contact stored on their email accounts.