The EFF (Electronic Frontier Foundation) made this discovery when testing out Facebook’s password-grabbing tool with a burner Yandex email address. The researchers from the EFF entered their burner email, the password to the burner email account, and then clicked “Connect to yandex.com.”
This caused an overlay with a status bar to appear which said “Importing contacts.” Since the EFF researchers were using a burner account, Facebook was unable to find any contacts but it still tried to pull information about all of their contacts from this email account.
During their research, the EFF also discovered that a Facebook tool called “Find Your Friends” was asking users to enter their email address and password in order to find friends based on their email contact data.
Unfortunately, this wasn’t the only privacy blunder from Facebook this week. It also managed to expose 540 million supposedly private records which contained Facebook IDs, personal messages, likes, shares, on Amazon Cloud.
The company also doubled down on this series of privacy fails by paying for positive coverage in The Daily Telegraph and continuing to wage war on “hate speech” without actually defining what “hate” is.