Facebook has collected about 1.5 million email addresses from unauthorized users since May 2016. At the time, one of the social network sign-up steps asked for the user's personal email password as a way to authenticate login, but a bug automatically imported contacts from the email address into Facebook.
READ: Facebook surprises and can launch long-awaited function
The social network said on Thursday (18) that the security hole has already been fixed, and that all data has been deleted from the server. Facebook notifies accounts hit by the issue, and ensures that email contacts have not been shared with anyone.
Facebook security bug collected users email contacts on first access social network Photo: Melissa Cruz / TechTudo
Want to buy a cell phone, TV and other discounted products? Meet the Compare TechTudo
When creating a Facebook account, the social network asked the user for the password of the personal email as a way to confirm the identity of the profile. The purpose of the functionality is that the platform itself should log in to the email to check if the verification message has been sent to the given address. Shortly after filling in the data, Facebook offered the user the option to import contacts from the email platform, and a security error performed the action regardless of the person's choice.
The Facebook account sign-in authentication step by providing a personal email password has received strong criticism from digital security experts, because of the risk of a potential critical vulnerability exposing important user data in the future. The social network then deactivated the verification step in March.
In a press statement, the Zuckerberg company announced: We estimate that 1.5 million email contacts have been collected. These contacts have not been shared with anyone and are being deleted. We fixed the bug and are notifying people who have had their contacts imported. People can review and manage the contacts they share in their Facebook settings.
More security scandals
Last year, the social network went through a series of scandals involving the privacy and security of user data. One of the main cases is the leakage of 50 million profile information to the political marketing company Cambridge Analytica.
In September 2018, a hacker attack hit 50 million Facebook accounts from exploiting a see-how failure. The attacks on profiles generated access to posts, friends lists, groups, locations, among other information. To prevent the attack from escalating, Facebook has logged out of all devices users who have been hacked.
Facebook notified hacker attack last year Photo: Anna Kellen Bull / TechTudo
After the problems caused by the lack of security with user data, Mark Zuckerberg announced the integration between Facebook, Instagram and Messenger, which will bring a single chat to the profiles of each social network. The move seeks to deploy end-to-end encryption, which is currently only used in WhatsApp, to protect content sent between users via Messenger and Instagram chat.
Which app is better: WhatsApp or Facebook Messenger? Give your opinion on the TechTudo Forum.
How to delete or archive multiple Facebook posts at once