Remember the weird revelation that Facebook was asking some new users for the password to their email account? Tonight Business Insider reports that since May 2016, if users entered their email password then Facebook used it to access their contact list and upload the contents to its servers without asking for permission. In a statement, a Facebook spokesperson said:

"...we found that in some cases people's email contacts were also unintentionally uploaded to Facebook when they created their account. We estimate that up to 1.5 million people's email contacts may have been uploaded. These contacts were not shared with anyone and we're deleting them."

It is contacting people who had their contacts uploaded, but it's yet another privacy issue for a company that has had long string of them over the last couple of years. It still doesn't explain why the "email password verification" for non OAuth-linked providers was ever implemented before it stopped using the method last month, and provides even more justification for those skeptical of the company's practices and promises.