In March, Facebook had stopped offering email password verification as an option for people who signed up for the first time, the company said. There were cases in which email contacts of people were uploaded to Facebook when they created their account, the company said.
"We estimate that up to 1.5 million people's email contacts may have been uploaded. These contacts were not shared with anyone and we are deleting them," Facebook told Reuters, adding that users whose contacts were imported will be notified.
The underlying glitch has been fixed, according to the company statement. Business Insider had earlier reported that the social media company harvested email contacts of the users without their knowledge or consent when they opened their accounts.
When an email password was entered, a message popped up saying it was "importing" contacts without asking for permission first, the report said.
Facebook has been hit by a number of privacy-related issues recently, including a glitch that exposed passwords of millions of users stored in readable format within its internal systems to its employees.
Last year, the company came under fire following revelations that Cambridge Analytica, a British political consulting firm, obtained personal data of millions of people's Facebook profiles without their consent.
The company has also been facing criticism from lawmakers across the world for what has been seen by some as tricking people into giving personal data to Facebook and for the presence of hate speech and data portability on the platform.
Separately, Facebook was asked to ensure its social media platform is not abused for political purposes or to spread misinformation during elections.