“All I’ve done is compile public information into a nice format for statistical analysis.” So says the man who is being called the Facebook hacker. Ron Bowes, a security consultant who’s also an nmap developer, is under fire from certain sections of the Internet for creating and uploading a torrent that contains more than 100 million Facebook users’ information. The thing is, all of this information was already publicly available in the Facebook directory. So to call him a “hacker,” well, would be incorrect.
Bowes told the BBC that he collected the information in part to test out a new feature of nmap called ncrack, which is used to verify the integrity of login credentials on a server. What’s a better way to get a “real life” wordlist than to compile millions of Facebook users’ usernames?
It should be noted that no “personal information” was collected. Again, anything that was publicly available in the Facebook Directory was merely compiled in one handy package.
Facebook itself, perhaps on the defensive, said that the collection of data was no different than what you’d find in a phone book.
Now, whether or not Facebook should make that type of info publicly available by default, I don’t know.
People have to realize that with things like Facebook you’re only as secure as the servers your information is stored on. You can choose to completely lock your account to all but your small circle of friends, but all it takes is one little glitch at Facebook HQ, and all of your information is out there. You have to trust that Facebook knows what it’s doing with your information.
And if you cannot trust Facebook to keep your information safe, perhaps you shouldn’t have an account there?