"And we know any data stored by private companies must be given to law enforcement, like the NSA, when those agencies request it," she said in an email. "The end result could be that Facebook turns over extensive contact information to law enforcement on people who haven't even signed up."
Downey cautioned anyone signing up for any online services to avoid using features like "find friends" or "upload your contacts" because by using them, they're adding their contacts to those companies' databases.
"Your intentions may be good — to connect with your friends or easily find people to follow — but you're spreading data collection to uninvolved, unaware people," she said.
Many services like Facebook keep their members in the dark about the data they hold on them. "When users don't know that particular pieces of data about them are part of Facebook's dossiers, how can they exert a responsible level of control to ensure their own privacy?" asked Adi Kamdar, an activist with the Electronic Frontier Foundation.
The lesson to be learned from this latest Facebook gaffe is a harsh one, said David Britton, vice president of industry solutions at 41st Parameter.
"The message to consumers is that they need to know that any data they may upload online may at some point be available to individuals that they never intended to have access to it," Kamdar said.
"Even more importantly — even if they don't upload it themselves — someone else may have," he added.
Sign up for CIO Asia eNewsletters.