Facebook has admitted to harvesting 1.5 million users’ email contacts without their consent, but claims it did so “unintentionally”.
The social network began collecting contact lists following a design change to its platform nearly three years ago.
In May 2016, Facebook offered email password verification but removed any explanation from the process that the new users’ contact lists would be uploaded to Facebook’s servers.
So while only 1.5 million Facebook users were effected, it is possible tens of millions or even hundreds of millions of email contacts were actually gathered by Facebook without permission.
It is the latest in a series of scandals that have beset the technology giant in recent years and comes just a day after it was revealed CEO Mark Zuckerberg gave access to sensitive user data to dozens of app developer friends.
Privacy advocates have labelled the latest revelations a major infringement on people’s digital rights, with some suggesting that Facebook could face further legal action.
“This is one of the most legally actionable behaviours by Facebook to date,” tweeted Ashkan Soltani, a former chief technology officer for the US Federal Trade Commission (FTC).
“I’m confident regulators will be taking a look.”