Facebook has been embroiled in another password-related mess.

As reported by Business Insider, the social media giant inadvertently uploaded the email contacts of 1.5 million users who had just signed up to the network.

The issue stems from when Facebook asked new users for their email passwords at sign-up, an odd request which was spotted a few weeks ago by a cybersecurity researcher by the name of "e-sushi."

Facebook ended the practice shortly after it was called out on it, but it turns out users who had entered their passwords likely had their contacts scraped anyway without their permission. The company said it is in the process of deleting the contacts.

"Last month we stopped offering email password verification as an option for people verifying their account when signing up for Facebook for the first time," a Facebook spokesperson said an a statement to Mashable.

"When we looked into the steps people were going through to verify their accounts we found that in some cases people’s email contacts were also unintentionally uploaded to Facebook when they created their account. We estimate that up to 1.5 million people’s email contacts may have been uploaded.

"These contacts were not shared with anyone and we’re deleting them. We’ve fixed the underlying issue and are notifying people whose contacts were imported. People can also review and manage the contacts they share with Facebook in their settings."

It follows the revelation that Facebook stored hundreds of millions of passwords in plain text, although the company said there was no evidence the passwords were "abused or improperly accessed."