As a practice, this is almost unheard of. In fact, countless numbers of articles have been written underscoring the fact that no legitimate company would ever request such information. In addition, if anyone ever received an email asking for email logins and passwords, (or passwords of any kind), it was a sure sign of a scam in progress.
In addition to that being a horrible business practice, the fear was that Facebook was improperly using the information and unauthorized to harvest personal information on everyone who complied with their unreasonable request.
As it turns out, those fears were spot on. The company recently released a statement saying that they “unintentionally” uploaded email contacts from some 1.5 million new users on its servers, without the consent or knowledge of those users.
Part of the company’s dubious explanation reads as follows:
“Last month we stopped offering email password verification as an option for people verifying their account when signing up for Facebook for the first time. We estimate that up to 1.5 million people’s email contacts may have been uploaded. These contacts were not shared with anyone and we’re deleting them. We’ve fixed the underlying issue and are notifying people whose contacts were imported. People can also review and manage the contacts they share with Facebook in their settings.”
Given the company’s recent history of privacy abuses, this explanation has not been well received. It provides further evidence that Facebook has and continues to utterly fail when it comes to protecting its users’ information, even as it generates billions of dollars in revenue from it.