UPDATE: Facebook admitted today (April 18) that "millions" of Instagram passwords had been stored in plaintext on Facebook servers. But that's another story.
Remember a couple of weeks back when we found out Facebook was asking for some new users' email passwords? Turns out Facebook just happened to grab the email contact lists of 1.5 million users provided the social networking giant with their passwords.
"We found that in some cases, people's email contacts were also unintentionally uploaded to Facebook when they created their account," a company spokesman told Business Insider.
Granted, this isn't terribly different from Facebook grabbing all your contacts (presumably with your permission) when you install the Facebook app on your Android or iOS smartphone. Hundreds of millions of people have already gone through that, so another 1.5 million sets of contacts is just a drop in the bucket.
But it does show, once again, how sloppy the "move fast and break things" company can be with what, at the end of the day, is still your data and not Facebook's.
This latest Facebook facepalm was broken by Business Insider, whose staffers decided earlier this month to see what happened if you gave Facebook your email password. They noticed that a notification bubble popped up stating "Importing contacts," although the user's permission had not been asked.
Business Insider asked Facebook about this, and got a reply yesterday (April 17). As Business Insider put it, "Facebook disclosed ... that 1.5 million people's contacts were collected this way and fed into Facebook's systems, where they were used to improve Facebook's ad targeting, build Facebook's web of social connections, and recommend friends to add."
Again, that's pretty much what Facebook does with the email contacts it hoovers up from your smartphone. But at least in those cases, it asks first.
Business Insider theorizes that "the total number of people whose contact information was improperly obtained by Facebook may well be in the dozens or even hundreds of millions," but let's be honest -- Facebook probably has most of those email addresses already.
Facebook told Business Insider that it plans to notify the 1.5 million users whose contact lists were uploaded, and to delete the ill-gotten data from its databases.