Zuckerberg
Facebook co-founder, Chairman and CEO Mark Zuckerberg testifies before the House Energy and Commerce Committee. The government is set to levy a multi-billion dollar fine on Facebook for its rash of privacy lapses. Chip Somodevilla/Getty Images

Facebook continues to be in hot water for a variety of reasons, and now another one has been added to the list. Facebook has admitted that it has harvested the email contacts of a sizeable number of users in the past few years.

According to a report from Insider, social media giant Facebook has been collecting the list of contacts around 1.5 million users have in their email accounts since May 2016.

According to e-sushi, the pseudonymous security researcher who discovered the devious act, Facebook did this without permission by forcing new users to provide the passwords to their email accounts before they could use their new Facebook account.

“Hey @facebook, demanding the secret password of the personal email accounts of your users for verification, or any other kind of use, is a HORRIBLE idea from an #infosec point of view,” e-sushi tweeted. “By going down that road, you're practically fishing for passwords you are not supposed to know!”

New users who enter their email and password are greeted by a pop-up box that says their email contacts are being uploaded without asking the user’s permission, Business Insider reported.

After being asked for comment, Facebook told Business Insider about what they did, saying they harvested the data in this manner, "unintentionally uploaded" it into their systems, and used the data to improve the social network

These improvements included their using the information to enhance their ad targeting methods, enlarging their web of social connections, and improving the way they recommend friends to users.

A Facebook spokesperson then said they are stopping the harvest of user information. The spokesperson, however, did not give a specific timeframe as to when it will end or has actually ended.

Still, no matter what the explanation or justification, the way they collected the information is wrong. Security experts warn people to avoid sharing or inputting their passwords in places where they aren’t meant for. By doing this, people can be kept safe from phishing scams out to get private information.

Taking advantage

Earlier reports showed documents revealing how Facebook shared private user data to CEO Mark Zuckerberg’s “friends” -- partners and other businesses that can help the social network -- in order to gain an advantage over the competition.

So far, Facebook hasn’t been accused of breaking laws. Still, Zuckerberg stands accused of taking advantage of the people’s trust in the global network.

facebook screen
A picture taken in Paris on May 16, 2018 shows the logo of the social network Facebook on a broken screen of a mobile phone. AFP/Getty Images/Joel Saget