In brief: Facebook has again been hit with another privacy scandal. The company says it “unintentionally” uploaded the email contacts of 1.5 million users without their permission when they signed up to the social media site.

The revelation comes after a security researcher discovered Facebook was asking some new signups to enter the passwords for their emails accounts as a way of verifying their identities.

Business Insider yesterday reported that some of those who did enter their passwords were presented with a popup informing them that their contacts were being imported—without asking for permission.

Before May 2016, new Facebook users were asked if they wanted to verify their identity using their email account. They were also asked if they wanted to upload their address books. Facebook claims it changed the feature and removed the text stating the contact information was being uploaded, but the underlying code that performed this task accidentally remained.

Facebook said it stopped offering the email password verification option a month ago. It is now deleting the uploaded contacts and over the coming days will be notifying the 1.5 million users whose address books were imported.

A company spokesperson told Business Insider reporter Rob Price that the scraped contacts were used to recommend friends to users and improve ads on the network.

This is just the latest case of Facebook taking a lax approach to user privacy and data. Last month, it admitted to storing hundreds of millions of user passwords in plain text, and this is despite Mark Zuckerberg's promise of a “privacy-focused” future.