A shadow profile is a collection of information pertaining to an application's users, or even some of its non-users, collected without their consent. The term is most commonly used to describe the manner in which technological companies such as Facebook collect information related to people who did not willingly provide it to them.
Though controversial, this practice has been almost never prosecuted as its legality is being contested.
In 2012, a data breach of over six million Facebook users' personal information indicated the existence of a number of shadow profiles, since the leaked information had not been provided by the users themselves. Consequently, Facebook began linking users' shadow profiles to their respective public profiles. The combined profiles were then further shared with the users' friends if they used Facebook's Download Your Information (DYI) tool.