Hacker Proves Facebook's Public Data Is Public

    Alexia Tsotsis


    Wednesday, July 28th, 2010

    Security specialist Ron Bowes has once again proven how easy it is to glean valuable user information from Facebook, by spidering Facebook’s online directory and compiling it all into one neat little torrent that could be downloaded off his site, SkullSecurity.com.

    Bowes created a torrent containing over 171 million entries with links to profiles that provide access to the names, addresses and phone numbers of 100 million users, one fifth of Facebook.  Bowes accessed Facebook’s directory, which has the default dictum “Anyone can opt out of appearing here by changing their Search privacy settings.” Yeah, but should they have to?

    These kinds of security breaches will only encourage more hackers desperate for attention. Now would be a good time for Facebook to set their default search to “Friends Only.” Why? Because most people aren’t quite aware that the check mark next to “Everyone” includes a hacker who can grab your personal info, package it up and sell it to the highest bidder.

    According to Bowes, the torrent contains (at 2.8 GB, our torrent is “still downloading”) …

    • The URL of every searchable Facebook user’s profile.
    • The name of every searchable Facebook user, both unique and by count (perfect for post-processing, datamining, etc).
    • Processed lists, including first names with count, last names with count, potential usernames with count, etc.
    • The programs [Bowes] used to generate everything [which makes it easy for other hackers to replicate the process]

    While the advice to individual users to change their privacy settings may be moot at this point, the suggestion that Facebook make its profiles unindexable by default isn’t. Especially when you read the more ominous statement from Bowes further on in his post on the breach, “So far, I have only indexed the searchable users, not their friends … I’d like to tackle that in the future.”

    Photo: Bejealousofme/Flickr
