Attorney General James Announces Investigation Into Facebook

Company Harvested 1.5 Million Users’ Contact Databases Without Authorization 

NEW YORK – Attorney General Letitia James today announced an investigation into Facebook’s unauthorized collection of 1.5 million Facebook users’ email contact databases. While Facebook claims that 1.5 million contact databases were directly harvested by its email password verification process for new users, the total number of people whose information was improperly obtained may be hundreds of millions.  

“It is time Facebook is held accountable for how it handles consumers' personal information,” said Attorney General Letitia James. “Facebook has repeatedly demonstrated a lack of respect for consumers’ information while at the same time profiting from mining that data. Facebook’s announcement that it harvested 1.5 million users’ email address books, potentially gaining access to contact information for hundreds of millions of individual consumers without their knowledge, is the latest demonstration that Facebook does not take seriously its role in protecting our personal information.”  

Email verification is a standard practice for online services such as Facebook. Typically, when a consumer signs up to a new service, they are asked to provide an email address, where they then receive an email with a link to verify that the email account belongs to them. Facebook's procedure requested certain users to hand over their password to their personal email account. Additionally, reports indicate that Facebook proceeded to access those user’s contacts and upload all of those contacts to Facebook to be used for targeted advertising. While Facebook has admitted that 1.5 million people's contact books were directly harvested, the total number of people whose contact information was improperly obtained by Facebook may be hundreds of millions, as people can have hundreds of contacts stored on their contact databases.  

The office has previously enforced New York’s consumer protection laws against social networking websites that misappropriated user’s contact lists. In January 2019, Attorney General James announced an investigation into Apple over their failure to warn consumers about the FaceTime bug that jeopardized the privacy of consumers in New York by allowing users to receive audio and video from the device of the person they are calling even before the person has accepted or rejected the call. In March 2018, the Attorney General’s Office opened an investigation into Facebook over the reported misuse of user data with Cambridge Analytica.