
100m Facebook users’ details published online

by Sarah Griffiths on 29 July 2010, 15:55


Networking nightmare

A security consultant has posted the personal details of 100m Facebook users online, apparently to highlight security issues.

According to the BBC, Ron Bowes scanned profiles using a piece of code and collected data not protected by users' privacy settings.  He then published the list as a downloadable file including the URL of every searchable user's profile, their unique ID and name.

Distributed by Pirate Bay, the list has been downloaded by over 1,000 users, but Facebook has said all the information on the list was already in the public domain online. 

The social networking giant told the BBC: "People who use Facebook own their information and have the right to share only what they want, with whom they want, and when they want. In this case, information that people have agreed to make public was collected by a single researcher and already exists in Google, Bing, other search engines, as well as on Facebook. No private data is available or has been compromised."

Facebook has repeatedly come under fire for ‘confusing’ security settings. Simon Davies of Privacy International reportedly said Facebook should have anticipated such an ‘attack’ and put measures in place to prevent the mass collection of users' information.

"It is inconceivable that a firm with hundreds of engineers couldn't have imagined a trawl of this magnitude and there's an argument to be heard that Facebook have acted with negligence," he reportedly said, blaming the site's security settings.

In response to the furore surrounding its settings, Facebook has recently simplified its privacy controls, yet critics have blasted the firm's decision to keep sharing of certain pieces of information online as something users must consciously opt out of, arguing profiles should be secure by default.

Facebook has reportedly compared itself to a phone book, claiming some people join the site in order to be found by others.

"If someone does not want to be found, we also offer a number of controls to enable people not to appear in search on Facebook, in search engines, or share any information with applications," it added.

Davies told the BBC there are now many concerned users who will be wondering who has their data, but added it was a somewhat ‘ethical attack’ as more personal data such as phone numbers, addresses and phone numbers could have been collected and published, but were not.

Whether such ‘attacks’ will taint the popularity of the site remains to be seen, with Facebook recently celebrating 500m members across the globe.



HEXUS Forums :: 11 Comments

My personal view, and it differs from Facebook a bit, is that user data ought to be secure from this type of trawling, unless the user explicitly shares it, rather than semi-secure but partly open, unless the user explicitly secures it all.

However ….. there's been so much hoopla about Facebook and privacy recently, that I have to wonder how many of the people that are net-familiar enough to use Facebook aren't also familiar with the privacy issues?

If you knew of the issues and your data wasn't secured, then you can't really complain if, and when, it gets hoovered up like this.

So how many people are unsecured and didn't realise they were? Dunno.
This is a bit of a non issue really, just scaremongering by the BBC.
Glad I don't use Facebook
I'm just surprised that it's only a thousand users on thepiratebay.org that have downloaded so far.

Very sensationalistic. It may have the desired effect of getting the remaining 20% of Facebook users to close off those security settings. Alternatively it could just penalise those who actually want to use Facebook to be found, and create an easy distro list for spammers.

Nice one. Doing this to show proof of concept is fine. Publishing it to the public domain to inspire spammers etc is just not cricket.
This is a bit of a non issue really, just scaremongering by the BBC.
It's a bit more than scaremongering. All data should be held securely by default unless explicitly permitted to be shared with unknown 3rd parties by the user in question. If Facebook was hosted in the UK it would probably be whacked with a massive fine and shut down under the Data Protection Act until they got their junk sorted out. Even the seemingly innocent ‘apps’ are private personal data harvesters and everyday people have no idea that using them exposes their private data. If this was the only instance then fair enough, but there's a growing number of bogus malware sites that use Facebook API features to scrape personal data as well.

Yet another reason why Web 2.0 should be given the heave-ho.