100 million Facebook users added to a publicly available torrent file
Information relating to a fifth of Facebook’s users is now available for download. By anybody!
A directory containing the personal information of (and be sure to say this in your best Dr. Evil voice) 100 million Facebook users has been made available on a torrent site and the almost 3 GB file can be downloaded by absolutely anybody. Ron Bowes of Skull Security created a script that harvested user information from Facebook’s user directory.
According to the Skull Security blog, the torrent contains:
- The URL of every searchable Facebook user’s profile
- The name of every searchable Facebook user, both unique and by count (perfect for post-processing, datamining, etc)
- Processed lists, including first names with count, last names with count, potential usernames with count, etc
- The programs I used to generate everything
Okay, so what could be done with the information contained in the torrent file? Well, it could be used to create a list of what are probably the most common user names (from the blog):
129369 jsmith
79365 ssmith
77713 skhan
75561 msmith
74575 skumar
72467 csmith
71791 asmith
67786 jjohnson
66693 dsmith
66431 akhan
Armed with a list of user names, somebody could potentially use brute force methods to establish the passwords that go along with those user names.
It’s important to note that this does not represent a breach of Facebook’s security and the information harvested by Bowes is information that people have chosen to make publicly available. What people should, however, learn from this incident is the importance of not over-sharing information on social networks and ensuring that your accounts are protected by a strong password.
Seeing as there are roughly 500 million Facebook users, you’ve got about a 1 in 5 chance of being included in that torrent file. Will this make you reconsider what personal information you’re making public, or do you really not care if your details are available to everyone?
Filed Under: Breaking News > Facebook > My Online Life
Tags: Facebook, facebook privacy issues, Social Networking, torrent, users
Just another very good reason to have a very dumb downed Facebook account, with privacy settings locked in place so that nobody but your contacts can see your pages. Even at that keep private dealings, vacations and away time strictly off-line. oh and a friend twice removed is not a friend.
(Report comment)
I closed the accpunt I had even though there was nothing in it, that was the last time there was talk of lack of security ,this is not sevurity the users are giving the info to anyone who wants to use it Facebook gave you the tools to keep you comments for your friends only. I would change your account with Facebook IOr wat and see who hacks you.
(Report comment)
You REALLY need to learn how to spell better.
[ed: original comment edited]
(Report comment)
Nothing better to do than critcize huh?
(Report comment)
I’ve seen higher quality commentary on the Pirate Bay
(Report comment)
Dear *Fabbergasted*,
Your spelling is wrong also. You left out an L in Fabbergasted. It’s spelled Flabbergasted….. hehehe.
(Report comment)
I am not on facebook so I don’t have to worry
(Report comment)
Goodie for you – what a useless comment.
(Report comment)
As is YOUR useless comment.
(Report comment)
As was your comment. lol. and so it goes…..
(Report comment)
There is a new social networking experience coming this fall. It’s called somethingcoolhappened.com. You can go there now to view a preview video and to preregister. With this site you can interact with friends, create your own unique avatars, upload videos, pictures or stories of something cool that happened to you or someone else! You also get full anonymity. It is going to be awesome! Check it out.
Think of this site as more like a combination of YouTube, Flickr, Facebook and then something totally brand new. With this site you will get your anonymity back, no more personal information floating around being sold off and you will get to be creative, compete with other people if you wish and just have fun in a great positive atmosphere.
(Report comment)
It’s really quite simple. Whatever you don’t want the world to see, either don’t put it on the Internet at all or make sure that your privacy settings are locked on tight. Of course, someone could potentially hack your Facebook account or whatever, but chances of that are pretty slim. Personally, I have my Facebook account set so that only certain people that I am friends with can see my photos and any other personal info. Anyone else, including a large portion of my “friends” cannot access this info.
(Report comment)
I agree with the other poster. If you don’t want other people knowing your business don’t post it. I have facebook and I rarely use it.As far as I am concern it is none of anybody’s business where I live and what I am doing.What you put on your profile is KISS. Keep it simple stupid.
(Report comment)
Ron Bowes is a hacker, plain and simple. As a hacker, he should go to jail for this stunt.
It’s the thought that counts. We should not allow this kind of behavior from ANYONE.
(Report comment)
We can all take some comfort in the knowledge that said hacker is probalby some sad, 30/40-something, acne ridden loser who lives in his parents basement, has no life and sadly, feels empowered by compiling mostly useless information.
(Report comment)
Hey
If people are putting information as publicly available this is little more than a phone book or yellow pages.
Actually the phone company requires you to request a private listing, but FB and other networking sites give you direct control.
I’m not sure how you justify saying he should go to jail for breaking no laws. I assume you break some laws yourself (speeding, jay walking, tax evasion . . . )
It is a little frightening though when we realize how little privacy we have.
(Report comment)
Ron Bowes is not hacking if these people left their personal information open to “EVERYONE” because in doing so, they allow anyone to look for them. It appears that it’s all he did. However, I’ve never truly read ALL the clauses in the Facebook Agreement (has anyone..it’s like 50 pages long!!!!)but there should be something in there that prohibits the publishing of such information, by ANYONE!
On another matter, how does one turn of the continual Facebook request to fill out a survey? This requires you to ‘allow’ access to everything no matter what the settings. I don’t agree with this, don’t want to take the survey, but I keep getting the e-mails!
(Report comment)
Hey if it wasnt for the HACKERS how we keep an eye on Big Brother?
(Report comment)
k so, if you have all the privacys on and your password is strong and no one knows it, are you safe?
(Report comment)
Of course you are safe. You have knowledge and the ability to apply the knowledge to create the security you want and need. You can make it so that you do not appear in searches. When someone googles me, my FB profile comes up, but all it has is my name – no picture, no other information.
(Report comment)
It stands to reason that people who do not have “dumbed-down” profiles and who share all of their information publicly are doing so because they want to and choose to. It seems like a story about people compiling information from publicly searchable files should maybe NOT be a story, because this is NOTHING new. I just think it is too bad and so sad that people who do have information out for public view are often too stupid to know that they do have that info out there.
It’s the same as those people who post on their status’s about Facebooks new privacy issues and whatnot – it kind of surprises me that those things are NEW to people, considering I took the time to go and read everything and customise my own security settings. They are publicly admitting to being stupid and incapable of learning about what they are using. I mean really.
(Report comment)
Just another example of how insecure Facebook is. Seems like it makes news weekly about another security breach. And my friends wonder why I don’t use my account and don’t allow people to tag me at all.
Should be caled Jokebook!
(Report comment)
if you want to socially network, with almost perfect security, there’s this thing called a telephone. you actually get to hear your friend’s voice in real time, and interact more quickly than you can text.
amazing!!!!
(Report comment)
How is it that people are so shocked when personal information that they knowingly and purposely posted on THE INTERNET is revealed for all to see?
Since when did the internet become a place where anyone in their right mind would think it was private, in any way, shape, or form?
(Report comment)
— People didn’t you all know, it doesn’t matter whatGadget you have.
— Someone; Meaning provider,and other large data base have almost everyone on file.
— I hear people on the bus or just walking, and people in general are having an OPEN conversation, about somewhat private issues, then they wonder about PRIVATE LIFE
—HELLO !!!!!!
(Report comment)
Well I’ve Checked out The Directory And Guess What….I`m Not There And I Have A Facebook Account And Use It Daily, I DON`T PLAY ANY STUPID GAMES OR OTHER ENTERTAINING THINGS….THAT IS THE KEY TO BEING ANONYMOUS…..
http://www.facebook.com/directory/people/
(Report comment)
I’m not in the directory either, and I think it’s because I, too, don’t play any games or add any apps or such to my profile. I got hacked into before when I used to accept invites for all kinds of useless garbage.
(Report comment)
Publicity stunt from skull security, nothing new in it. Its quite easy to automate and collect public info from social networks.
(Report comment)
Everytime these news stories about Facebook surface, they always create such a panic. And then those of us who use it are forced to hear tedious warnings from those who don’t use it and have no idea what it’s really all about.
With that being said, it’s all about common sense. As every other poster has pointed out, watch what info you put out there. Don’t list your current place of work. Don’t list your address or phone number. List your birthday if you wish, but there is no need to list the year. Things like SIN #s should never be listed (although I don’t even think there is a field where this info would be required). Use the privacy settings – if used correctly, nosey people can’t creep all of your pictures and info – and be sure to check on those settings regularly – Facebook is notorious for “updating” their site to make “improvements”, and alot of times during the changes, it seems your settings get erased and you have to reset them. And for Pete’s sake, do not post pictures of you or your kith & kin that are lewd or involve illicit behaviour. It’s all about playing safe and using your head.
(Report comment)
1 in 5 huh?
not really a worry, considering that probably 3 in 5 FB accounts are false accounts held by gamers and people smart enough to realize that if they want to use FB features (like the games) without compromising their security that they would have to open a false account to safeguard the info on their real (locked down) accounts.
this is really nothing new to anyone who has read FB’s ToS. it states that your information is farmed out to almost anyone willing to pay for it. whether or not those buyers realize that the lists are made up largely of false accounts is not known, although it’s a fair certainty that FB is aware of the situation.
FB does not guarantee their users anything, including account security. even locked down accounts are subjected to third party advertising. how can anyone believe that their information is secure? it’s not, and FB’s corporate policy is that it never will be, as long as there is a buck to be made.
seriously reconsider starting an FB account, or consider closing the one(s)you have. i am. i value my security, and recent evidence is that FB does not.
(Report comment)
I can’t help wonder what ever happened to personal responsibility? All the people who get all freaked out about their information not being secure need to wake up and stop blaming the Facebook creator(s) for their own stupidity. It’s simple. Don’t put personal information out there! It’s always so much easier to blame someone else for your own lack of intelligence. If people took the time to actually look at and set their privacy settings, they would see that they can CONTROL what others see…but alas, once more, it comes down to personal responsibility.
(Report comment)
At any time in this modern technology world when you use an electronic device, messages can be monitored unless you have a serious security system like the military.
But eventually all communicatons will be come monitored for various
selfish reasons including the prospect of getting business.
So you have to keep in mind that someone may listen to your words one day.
(Report comment)
Will all you nerds go outside and experience daylight please?
All this whining about Facebook security. You know years ago, waaaaaay back, you didn’t need your idiot box computer to interact socially with people. You just go outside and see them in person.
You could alleviate all your security concerns if you just took your Star trek obsessed asses outside and see people for real. Who knows, some of you might actually get laid.
(Report comment)
Phillip,
Great comment. I couldn’t have said it better myself.
Best laugh I’ve had in days!
(Report comment)
Its does not matter if the user considers thier information private. 12 year olds are out there trying simple techniques like these: http://www.facebook-hacks.org/?p=71
(Report comment)