Facebook has inadvertently uploaded the email contacts of 1.5 million users who had just signed up to the network. The social media giant has acknowledged that it had collected up to 1.5 million users’ email contacts without the user’s consent, in the latest privacy issue that hit the giant tech firm.

Facebook said that the email contact lists had been unintentionally uploaded to Facebook which was a follow up of a design change done almost two years ago, and the company was now in the process of deleting them.

The issue stems from when Facebook asked new users for their email passwords at sign-up, an odd request which was spotted a few weeks ago by a cybersecurity researcher by the name of e-sushi.

The social media giant faced criticism after the Cambridge Analytica scandal after the company accessed personal information on up to 87 million Facebook users.

Facebook ended the practice shortly after it was called out on it, but it turns out users who had entered their passwords likely had their contacts scraped anyway without their permission. The company said it is on the verge of deleting the contacts.

A Facebook spokesperson said the firm did not realize this was happening until April of this year when it stopped offering email password verification as an option for people signing up to Facebook for the first time.

Facebook has added that they are up for fixing the underlying issue and are notifying people whose contacts were imported. People can also review and manage the contacts they share with Facebook in their settings.