Millions of Facebook user details exposed

Hold on to your hats boys and girls, Facebook made things worse for you, not better! The personal details of more than 100 million Facebook users have been made available to download from the internet via file-sharing websites and torrents.

Canadian security consultant Ron Bowes of Skull Security developed a piece of software code that enabled him to harvest data on Facebook users who have not amended their privacy setting to make their information unavailable to search engines. Mr Bowes said he was able to uncover 171 million names, relating to over 100 million individuals, or more than one-fifth of Facebook’s total users.

The list was then made available for other internet users to download via sites such as Bit Torrent and Pirate Bay. “As I thought more about it, and talked to other people, I realised that this is a scary privacy issue,” said Mr Bowes in a blog post on his website. “Once I have the name and URL of a user, I can view, by default, their picture, friends, information about them, and some other details. If the user has set their privacy higher, at the very least I can view their name and picture. So, if any searchable user has friends that are non-searchable, those friends just opted into being searched, like it or not,” he added.

All of the data was already available to anyone prepared to trawl through search engines but had not been published in list form.  Mr Bowes claimed he had collected and published the data purely to raise awareness of the problems of using public data online. The list does not include any user’s whole profile or their passwords or personal settings. Facebook said it was investigating the methods used to collect and publish the material but stressed that private data had not been compromised. “People who use Facebook own their information and have the right to share only what they want, with whom they want, and when they want,” the company said in a statement. “Our responsibility is to respect their wishes. In this case, information that people have agreed to make public was collected by a single researcher. This information already exists in Google, Bing, other search engines, as well as on Facebook,” the statement added. “No private data is available or has been compromised. Similar to a phone book, this is the information available to enable people to find each other, which is the reason people join Facebook. If someone does not want to be found, we also offer a number of controls to enable people not to appear in search on Facebook, in search engines, or share any information with applications.”

Author: Jason Zajdel

Learning as I go along. It’s an awesome ride. =-)