Facebook uploaded 1.5 million email addresses without permission. Find out if you played a role

You might have accidentally compromised a friend's privacy -- but you can also fix it.

Katie Teague Writer II
Katie is a writer covering all things how-to at CNET, with a focus on Social Security and notable events. When she's not writing, she enjoys playing in golf scrambles, practicing yoga and spending time on the lake.
Expertise Personal Finance: Social Security and taxes
Katie Teague
3 min read
Facebook login

Recently, Facebook admitted that it "unintentionally" imported the email contact lists from 1.5 million people without their consent, starting from May 2016. Even if you don't have a Facebook account, you might have been affected if one of your friends signed up for a new account. And if a friend of family member got a new account, either for the first time or as a professional or business page, it might be your email address that's feeding the social network's ad targeting and friend recommendation systems.

While Facebook no longer requires your password to sign up for an account, this is the latest incident to shake confidence in Facebook's ability to protect its roughly 2.3 billion users.

You can check to see if your contacts were uploaded, and can delete your contact list from Facebook's cache.

Angela Lang/CNET

Deleting your imported contacts

Unfortunately, unless Facebook contacts you, the only way to know if your contacts were imported is to look at your Uploaded Contacts. Here's how.

Step 1: Once you're logged into Facebook on your Android or iPhone , tap the three stacked lines and select Settings from Settings & Privacy . If you're using a desktop, click on the down arrow and select Settings.

Step 2: Scroll down to the Your Facebook Information section (desktop users will need to click on this)and tap Access Your Information.

Step 3: Scroll down to the Information About You section. Tap About You and select Your Address Books.

You'll be taken to a page that says Manage Your Invites and Uploaded Contacts. This screen shows you all of your contacts that have been imported. If you don't see a long list of contacts, then your account has not been affected and you don't need to continue to the next steps. Hint: It will say "You don't have any imported contact information."

Step 4: Click "Delete All". This will remove all of your contacts that were imported from your email account, but you will need to follow the next steps to keep them from importing.

Read: Facebook really doesn't seem to understand privacy or security


Facebook Messenger comes in dark mode now, by the way.

Jason Cipriani/CNET

How to keep Facebook from uploading your friends' email addresses

To prevent these contacts from being imported again, follow the next steps on each device you have logged in to Facebook -- yes, that means your phone and your tablet. Yes, it's a pain to have to do this multiple times. But your friends will thank you for not sharing their information.

Step 1: Tap the stacked three lines at the top of the app and select Settings & Privacy. Tap Settings.

Step 2: Scroll down to the Media and Contacts section. Tap Upload Contacts.

Step 3: Swipe the button to the left to disable contacts from automatically uploading. Again, make sure you do this for every device you have Facebook on.

Watch this: Google and Amazon make peace, Facebook collects data without permission

What if I use the Facebook Messenger app?

It's simple! Tap on your profile picture in the top left corner. Tap People and then tap Upload Contacts to switch the setting off. Do this for all devices using Messenger.

When you turn off contact uploading, all of the contacts you've uploaded to Messenger -- intentionally or not -- will be deleted.

Read: Once you turn on dark mode in Facebook Messenger, you'll never go back

Permanently delete Facebook

Step 1: Go to settings > Your Facebook Information.

Step 2: If you're using your phone, tap Account Ownership and Control. If you're using a computer, click Delete Your Account and Information.

Step 3: On your phone: Select Delete Account and continue. On a computer: Click Delete My Account.

Step 4: You will be prompted to enter your password. Select Continue and then "Delete Account."

Be sure to save any photos or videos you want before you delete your account. After you delete your account, you won't have access to anything on your profile anymore.

Originally posted April 23, 2019.