Galaxy S23 Ultra First Look After Layoffs, Meta Focuses on 'Efficiency' Everything Samsung Revealed at Unpacked 'Angel Wings' for Satellites 'Shot on a Galaxy S23' GABA and Great Sleep Netflix's Password-Sharing Crackdown 12 Best Cardio Workouts
Want CNET to notify you of price drops and the latest stories?
No, thank you

Facebook uploaded 1.5 million email addresses without permission. Find out if you played a role

You might have accidentally compromised a friend's privacy -- but you can also fix it.

Facebook login

Recently, Facebook admitted that it "unintentionally" imported the email contact lists from 1.5 million people without their consent, starting from May 2016. Even if you don't have a Facebook account, you might have been affected if one of your friends signed up for a new account. And if a friend of family member got a new account, either for the first time or as a professional or business page, it might be your email address that's feeding the social network's ad targeting and friend recommendation systems.

While Facebook no longer requires your password to sign up for an account, this is the latest incident to shake confidence in Facebook's ability to protect its roughly 2.3 billion users.

You can check to see if your contacts were uploaded, and can delete your contact list from Facebook's cache.

Angela Lang/CNET

Deleting your imported contacts

Unfortunately, unless Facebook contacts you, the only way to know if your contacts were imported is to look at your Uploaded Contacts. Here's how.

Step 1: Once you're logged into Facebook on your Android or iPhone ($706 at Amazon), tap the three stacked lines and select Settings from Settings & Privacy. If you're using a desktop, click on the down arrow and select Settings.

Step 2: Scroll down to the Your Facebook Information section (desktop users will need to click on this) and tap Access Your Information.

Step 3: Scroll down to the Information About You section. Tap About You and select Your Address Books.

You'll be taken to a page that says Manage Your Invites and Uploaded Contacts. This screen shows you all of your contacts that have been imported. If you don't see a long list of contacts, then your account has not been affected and you don't need to continue to the next steps. Hint: It will say "You don't have any imported contact information."

Step 4: Click "Delete All". This will remove all of your contacts that were imported from your email account, but you will need to follow the next steps to keep them from importing.

Read: Facebook really doesn't seem to understand privacy or security


Facebook Messenger comes in dark mode now, by the way.

Jason Cipriani/CNET

How to keep Facebook from uploading your friends' email addresses

To prevent these contacts from being imported again, follow the next steps on each device you have logged in to Facebook -- yes, that means your phone and your tablet. Yes, it's a pain to have to do this multiple times. But your friends will thank you for not sharing their information.

Step 1: Tap the stacked three lines at the top of the app and select Settings & Privacy. Tap Settings.

Step 2: Scroll down to the Media and Contacts section. Tap Upload Contacts.

Step 3: Swipe the button to the left to disable contacts from automatically uploading. Again, make sure you do this for every device you have Facebook on.

Now playing: Watch this: Google and Amazon make peace, Facebook collects data...

What if I use the Facebook Messenger app?

It's simple! Tap on your profile picture in the top left corner. Tap People and then tap Upload Contacts to switch the setting off. Do this for all devices using Messenger.

When you turn off contact uploading, all of the contacts you've uploaded to Messenger -- intentionally or not -- will be deleted.

Read: Once you turn on dark mode in Facebook Messenger, you'll never go back

Permanently delete Facebook

Step 1: Go to settings > Your Facebook Information.

Step 2: If you're using your phone, tap Account Ownership and Control. If you're using a computer, click Delete Your Account and Information.

Step 3: On your phone: Select Delete Account and continue. On a computer: Click Delete My Account.

Step 4: You will be prompted to enter your password. Select Continue and then "Delete Account."

Be sure to save any photos or videos you want before you delete your account. After you delete your account, you won't have access to anything on your profile anymore.

Originally posted April 23, 2019.