Facebook Inc. said it may have unintentionally uploaded email contacts of 1.5 million new users since May 2016.

The privacy breach came to light when a security researcher questioned why Facebook was asking for email passwords when new users signed up with the platform. The Business Insider reported that if you enter your email password, a message popped up saying it was importing your contacts, without your permission first.

“We estimate that up to 1.5 million people’s email contacts may have been uploaded. These contacts were not shared with anyone, and we are deleting them,” Facebook told Reuters, adding that users whose contacts were imported will be notified. The underlying glitch has been fixed, according to the company statement.

Recently, Researchers found a number of privacy-related issues in FB, including a glitch that exposed passwords of millions of users stored in readable format within its internal systems to its employees.

Last year, the company faced criticism following revelations that Cambridge Analytica obtained personal data of millions of people’s Facebook profiles without their consent.