"Attorney General Letitia James today announced an investigation into Facebook’s unauthorized collection of 1.5 million Facebook users’ email contact databases," the release said on Thursday.
According to the release, the total figure of individuals whose information was improperly used by Facebook might be hundreds of millions, instead of 1.5 million claimed.
"While Facebook claims that 1.5 million contact databases were directly harvested by its email password verification process for new users, the total number of people whose information was improperly obtained may be hundreds of millions," the release said.
The New York Attorney General’s office also said it is time that Facebook is held accountable for how it handles consumers’ personal data.
Since May 2016, the social-networking company Facebook confirmed it had collected the contact lists of 1.5 million users new to the social network, it revealed, adding that contacts were "unintentionally uploaded to Facebook."
Facebook's history of securing user privacy has been far from pristine: 2018 saw the tech giant embroiled in a scandal after it was revealed that a London-based political consultancy firm, Cambridge Analytica, had used the personal information of millions of users without their consent, with Facebook confessing to have been aware of the breach since 2015.