Facebook’s privacy woes continue. This week a man harvested and published the profile details of 100 million Facebook users. If that weren’t bad enough, he then made the file available for free download. You’d think that a lot of companies would be interested in acquiring such data. And you’d be right.
But this is less a case of nefarious marketing tricks than a factor of Facebook’s privacy settings. And things are only going to get worse as Facebook grows.
The man responsible for the leak, Ron Bowes, is a security consultant. He tells the BBC that it was a test for a new security tool he’s working on:
“I’m a developer for the Nmap Security Scanner and one of our recent tools is called Ncrack.
“It is designed to test password policies of organisations by using brute force attacks; in other words, guessing every username and password combination.”
Originally, he acquired people’s first and last names from Facebook to make a list of common user names. But once he had the information, he decided to release it. The list contains the URL of many searchable Facebook users’
profiles, plus their names and unique IDs.
The effort has been good PR for Bowes. But not so much for Facebook.
The social network has already been in trouble for changing the default privacy settings on its profiles. This week, Gawker decided to start giving Facebook’s CEO the paparazzi treatment. The site wrote:
“This is the executive who pushed the private information of
hundreds of millions of users progressively further into the public
Facebook now has over 500 million users, and companies have lined up to download the information Bowes made available.
Through PeerBlock, a Gizmodo reader found the IP addresses of people who downloaded the torrent and the company or organization they downloaded the file from.
A company’s appearance on the list could simply be due to a single employee’s curiosity. But it’s interesting that so many tech companies appear.
has the complete list, which includes groups like The Church of
Scientology among the usual suspect like AT&T, Novell, Viacom and
Those names and emails might not be a major coop for marketing departments. But a little free torrent doesn’t hurt either.
Facebook isn’t interested in upping its security features for business purposes. The more information from the social network that Google can crawl, the more integral a piece of online personal data Facebook becomes. But issues like this are going to keep popping up.
As Bowes put it:
“Having the name of one person means nothing, and having the name of a hundred people means nothing; it isn’t statistically significant.
“But when you start scaling to 170 million, statistical data emerges that we have never seen in the past.”