Facebook "unintentionally" stole private info from users and used it for targeted ads.
https://gizmodo.com/facebook-asked-some-users-for-their-email-passwords-th-1834129792
Electronic Frontier Foundation security expert Bennett Cyphers told Business Insider earlier this month that asking users to hand over account credentials as part of a registration process is basically indistinguishable to a phishing attack. Per a Wednesday report in Business Insider, Facebook has now said that it automatically extracted contact lists from around 1.5 million email accounts it was given access to via this method without ever actually asking for their permission. Again, this is exactly the type of thing one would expect to see in a phishing attack.
...
A spokesperson told Gizmodo via phone earlier this month that The intent of this option was simply to confirm the account. However, Facebook confirmed to Gizmodo on Wednesday that the contact information was used for friend suggestions (i.e. its oft-unsettling People You May Know feature) and to improve ads (in other words, for targeted advertising purposes).