The New York attorney general's office will investigate Facebook's "unauthorized collection of 1.5M of their users' email contact databases." Earlier this month, it emerged the company had been scraping the contact lists of some users who joined the service after 2016.
Facebook claims 1.5M contact databases were harvested by its email verification process, but the total number of people whose information was improperly obtained may be hundreds of millions.
It's time Facebook be held accountable for how it handles consumers' personal info.
— NY AG James (@NewYorkStateAG) April 25, 2019
Facebook said the data collection was "unintentional," and it was linked to a discontinued verification method in which it asked new users for their email password (it's a bad idea to share that with anyone, to be clear). The social network reportedly used the information to refine its ad targeting processes and friend connections, though it didn't tell users it was collecting their contact lists. It has since ended the data collection practice and said it will delete the contacts.
The investigation will explore how the data collection happened, according to the New York Times, as well as whether the practice impacted more Facebook users beyond those who shared their email passwords.
"It is time Facebook is held accountable for how it handles consumers' personal information," Attorney General Letitia James said in a release. "Facebook has repeatedly demonstrated a lack of respect for consumers' information while at the same time profiting from mining that data. Facebook's announcement that it harvested 1.5 million users' email address books, potentially gaining access to contact information for hundreds of millions of individual consumers without their knowledge, is the latest demonstration that Facebook does not take seriously its role in protecting our personal information."
Facebook has had to contend with several privacy mishaps lately, including an incident last fall in which a breach exposed the accounts of around 30 million users. In March, it admitted its employees had access to hundreds of millions of Facebook users' passwords, which were stored in plain text. It said last week millions of Instagram passwords had been stored in a similar way.
The attorney general's investigation is the latest in a long line of recent legal problems for Facebook. Just today, Canada's privacy commissioner announced plans to take the company to federal court, claiming it had broken laws over its part in the Cambridge Analytica scandal. Facebook is also expecting to pay up to $5 billion to settle a Federal Trade Commission fine.