Details of 100 million Facebook users were *already* exposed on the net

Have you seen the headlines? They're pretty scary-looking.

Here's just a handful - although there were hundreds more to choose from:

"A fifth of Facebook users names 'leaked' to file-sharers", Techwatch

"Details from 100 million Facebook profiles posted online", Network World

"Details of 100m Facebook users collected and published", BBC News Online

"100 million Facebook accounts exposed", V3

At first glance these headlines might appear frightening. But there's one thing you need to know. All of this information was already available to anyone on the internet.

What's happened is that a security consultant called Ron Bowes wrote some scripts to harvest publicly available information from the profiles of Facebook users who had left their profiles open for anyone to view.

In total he managed to scrape the names and URLs of some 100 million Facebook users (about 20% of Facebook's population), and posted the database of snaffled information up on a peer-to-peer file-sharing network for anyone to download.

This wasn't really a "hack" as such, as the guy who collected this information didn't have to break into accounts to access the information. The personal information from users' Facebook profiles was already available to anyone because individuals' privacy settings had not been properly secured, and they had effectively left their lights on and curtains open for anyone to peek in and make a note of anything they could see.

The real problem here is that users haven't secured their profiles well enough - but I don't think they're the only ones at fault. Facebook has gradually eroded its users' privacy over the years, in an attempt to share more information with the rest of the internet. In fact, it has even recommended that users choose settings that share more information - and some users may not have been aware that going with Facebook's recommendations would leave them open to being snooped on in this fashion.

The problem is that once you've shared your information with "everyone" on the net in this fashion, there's no going back. You can't withdraw your data - and now that the user details have been harvested, they will forever be available for anyone to access.

Facebook users need to wake up to the risks of sharing too much information online, and examine their Facebook security settings closely to ensure that they are not divulging too much to people they don't know, and are comfortable with their choices. Today the news story is about names and URLs being scooped up - maybe tomorrow it could be more personal information that is gathered from poorly secured Facebook users.

We've published a step-by-step guide where Facebook users can check their privacy settings and ensure their information is better secured.

Please take care when you're online, and consider joining the Sophos page on Facebook to be kept informed of the latest security threats.


About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.