Facebook's privacy woes continue. This week a man harvested and published the profile details of 100 million Facebook users. If that weren't bad enough, he then made the file available for free download. You'd think that a lot of companies would be interested in acquiring such data. And you'd be right.
But this is less a case of nefarious marketing tricks than a factor of Facebook's privacy settings. And things are only going to get worse as Facebook grows.
The man responsible for the leak, Ron Bowes, is a security consultant. He tells the BBC that it was a test for a new security tool he's working on:
"I'm a developer for the Nmap Security Scanner and one of our recent tools is called Ncrack.
"It is designed to test password policies of organisations by using brute force attacks; in other words, guessing every username and password combination."
Originally, he acquired people's first and last names from Facebook to make a list of common user names. But once he had the information, he decided to release it. The list contains the URL of many searchable Facebook users' profiles, plus their names and unique IDs.
The effort has been good PR for Bowes. But not so much for Facebook.
The social network has already been in trouble for changing the default privacy settings on its profiles. This week, Gawker decided to start giving Facebook's CEO the paparazzi treatment. The site wrote:
“This is the executive who pushed the private information of Facebook’s hundreds of millions of users progressively further into the public sphere."
Facebook now has over 500 million users, and companies have lined up to download the information Bowes made available.
Through PeerBlock, a Gizmodo reader found the IP addresses of people who downloaded the torrent and the company or organization they downloaded the file from.
A company's appearance on the list could simply be due to a single employee's curiosity. But it's interesting that so many tech companies appear.
Gizmodo has the complete list, which includes groups like The Church of Scientology among the usual suspect like AT&T, Novell, Viacom and Wells Fargo.
Those names and emails might not be a major coop for marketing departments. But a little free torrent doesn't hurt either.
Facebook isn't interested in upping its security features for business purposes. The more information from the social network that Google can crawl, the more integral a piece of online personal data Facebook becomes. But issues like this are going to keep popping up.
As Bowes put it:
"Having the name of one person means nothing, and having the name of a hundred people means nothing; it isn't statistically significant.
"But when you start scaling to 170 million, statistical data emerges that we have never seen in the past."
Based in New York, Meghan Keane is US Editor of Econsultancy. You can follow her on Twitter: @keanesian.
Recommended reports
Social Media and Online PR – Digital Marketing Template Files
Social media and online PR is constantly expanding and evolving. These customisable Econsultancy templates will help you get to the core of understanding and creating successful online campaigns in these areas.
The Innovation Report
Download our Innovation Report to see examples of cutting edge tactics and innovative business models across the whole range of digital marketing disciplines, including online advertising, ecommerce, mobile, social media, and search. Companies featured in this report include Kiva, Lastminute.com, Dell and Photobox.
7:46PM on 30th July 2010
This speaks to Facebook's true motives, they are going to protect against this because they want to stay an integral part of SE's. They offer a unique user experience, and that's it.
8:41AM on 31st July 2010
Thanks Meghan, for alerting FB users to either deactivate their accounts, or strengthen their privacy settings. My facebook had minimal info on it, since I never used it. But what was out there was my name and email address. I have deactivated my facebook page today. But could you tell us whether the info downloaded included our email addresses too...or just our names and the website locations of our facebook page?
12:21PM on 1st August 2010
the privacy issue is too bad i know but i still think facebook is now too big to be knocked out for that reason or for any other one
Stock Trading Analyst at Penny Stock Pick Alert
1:07PM on 1st August 2010
It is a sad news to see how websites like facebook can easily be hacked into.
10:17PM on 1st August 2010
Surprise and I should appreciate Ron Bowes for getting Facebook's huge employees base heads down! While facebook is publicising that it has reached more than 500million users accounts as an asset to its growring nature, it is really a big stroke of bad luck! But I feel this would allert other network communities to tighten and alter their security settings.
12:39AM on 4th August 2010
I don't think Bowes did anything spectacular. He basically scraped the directory page on facebook. I have samples for anyone that wants to see but doesn't want to download the torrent:
http://www.jimmyzhou.com/blog/facebook-100-million-users-data-samples-for-download
6:59PM on 5th August 2010
I find it fascinating how trusting people are (generally) when providing their details.
Out of my friend group only around 50% limit their privacy settings.
By the very nature of the Internet one person's profile naturally links onto another, so a screen scraper would do the job perfectly.
A further aid for data mining - HTTP is stateless, so the web server will happily keep churning out requested pages as it ought to.
A good lesson for everyone - I'm sure this will surface again in the near future as I can't see this being the last attempt to gather information people are willing to share.
6:51AM on 11th August 2010
A good lesson for everyone - I'm sure this will surface again in the near future as I can't see this being the last attempt to gather information people are willing to share.
peter +1 good
11:03AM on 21st August 2010
Its really very disappointing, I can't believe that it is done on a social networking site like Facebook. Well all I can say is there is a big need to set some more privacy for this kinda user data, so that hacking can be avoided specially for the user private data.
10:06PM on 25th September 2010
My facebook had minimal info on it, since I never used it. But what was out there was my name and email address. I have deactivated my facebook page today :)
4:11PM on 29th September 2010
it really should default to full lockdown. not everyone even knows about the security settings or reads about it. i can’t stand that every application has to have access to the info either. and Youtube accounts. This also directly ignores the more than 1.5 million youtube users in 24 groups who find the status updates of their “friends” annoying. There is every indication that it is in the worst interests of youtube users to share anything. At best no one cares about your status updates at worst you could lose your job http://faceturkey.net Video My Blog. Thanks.!
12:58PM on 10th December 2010
Thanks Meghan, for alerting FB users to either deactivate their accounts, or strengthen their privacy settings. My facebook had minimal info on it, since I never used it.
6:20PM on 8th March 2011
I think it is gonna blow at the end :)
8:23PM on 19th April 2011
Thanks Meghan, for alerting FB users to either deactivate their accounts, or strengthen their privacy settings. My facebook had minimal info on it, since I never used it.
7:43PM on 21st February 2012
Facebook's true motives, they are going to protect against this because they want to stay an integral part of SE's. They offer a unique user experience, and that's it.
8:19AM on 5th May 2012
Thanks Meghan, for alerting FB users to either deactivate their accounts, or strengthen their privacy settings.
8:11AM on 13th May 2012
Surprise and I should appreciate Ron Bowes for getting Facebook's huge employees base heads down! While facebook is publicising that it has reached more than 500million users accounts as an asset to its growring nature, it is really a big stroke of bad luck! But I feel this would allert other network communities to tighten and alter their security settings.
12:28AM on 16th May 2012
Thanks Meghan, for alerting FB users to either deactivate their accounts, or strengthen their privacy settings. My facebook had minimal info on it, since I never used it.
12:29AM on 16th May 2012
y facebook had minimal info on it, since I never used it. But what was out there was my name and email address. I have deactivated my facebook page today :)
12:32AM on 16th May 2012
I think it is gonna blow at the end :)