Facebook has admitted that it "unintentionally" uploaded email contacts of as many as 1.5m users without their permission, in the social network's latest privacy blunder.
It said the issue stemmed from a -design change to its step-by-step verification process for users setting up an account, made three years ago.
It meant that when users signed up to Facebook using their email address and password, they were not always aware that their email contacts were being uploaded to the site. Facebook said the contacts had not been "shared with anyone and we're deleting them", adding that the issue had been fixed and it was notifying people affected.
Last night Facebook also revealed that millions of Instagram users' passwords were stored in plain text on its servers, making them potentially accessible to employees.
Last month it said that tens of thousands of Instagram users were also affected when it revealed 600m Facebook users' passwords were not encrypted.