A few weeks ago, we learned that Facebook asked for the personal email passwords of some users logging in. Today, it admits that it used the passwords to harvest 1.5m users' email contacts without consent. Facebook claims that doing this was "unintentional," despite contact harvesting being the plainly obvious purpose of demanding people's email passwords and notifications in Facebook informing users that their contacts were being imported.

Facebook harvested the email contacts of 1.5 million users without their knowledge or consent when they opened their accounts.

Since May 2016, the social-networking company has collected the contact lists of 1.5 million users new to the social network, Business Insider can reveal. The Silicon Valley company said the contact data was "unintentionally uploaded to Facebook," and it is now deleting them.

The revelation comes after pseudononymous security researcher e-sushi noticed that Facebook was asking some users to enter their email passwords when they signed up for new accounts to verify their identities, a move widely condemned by security experts. Business Insider then discovered that if you entered your email password, a message popped up saying it was "importing" your contacts without asking for permission first.