100 Million Facebook Pages Leaked On Torrent Site

Stoobalou writes "A directory containing personal details about more than 100 million Facebook users has surfaced on an Internet file-sharing site. The 2.8GB torrent was compiled by hacker Ron Bowes of Skull Security, who created a web crawler program that harvested data on users contained in Facebook's open access directory, which lists all users who haven't bothered to change their privacy settings to make their pages unavailable to search engines."

Leaked?

[ikarous]

Misleading headline is misleading. These public profiles haven't been leaked. They've simply been aggregated.

Re:Leaked?

[jeffmeden]

They might as well have said "millions of home telephone numbers LEAKED via paper-based archive deposited randomly on doorsteps ALL ACROSS TEH COUNTRY!!!"

Worthless headline; it should read "Facebook name and URL database created from already public information, nothing to see here, move along"

No, It's Just a List

[eldavojohn]

If you go to the originator, here's all it contains:

This torrent contains:

* The URL of every searchable Facebook user's profile
* The name of every searchable Facebook user, both unique and by count (perfect for post-processing, datamining, etc)
* Processed lists, including first names with count, last names with count, potential usernames with count, etc
* The programs I used to generate everything

You're going to get a URL to pages. If the user has since made them inaccessible, you'll only get what you can from their public profile. Like, you cannot get to my friends list from my public profile. You'll get "potential" usernames to log into Facebook. Big deal. Remember when everyone could make a username for Facebook and that was also their profile URL? Well, now you can guess the most common names and add them to this list like david. Then you could use ncrack or whatever.

Not a whole lot in this file. Not like he scraped the pages of data and put that in a csv file for research or anything really interesting.

Re:FTFA

[TubeSteak]

More likely it will precipitate a lawsuit. Why fix the problem when you can sue the pants off someone instead?

Sue for what? Violating Facebook's ToS?

I'm surprised TFA didn't link to the guy's blog. He has a good writeup there
http://www.skullsecurity.org/blog/?p=887

The Torrent: http://www.skullsecurity.org/blogdata/fbdata.torrent

Where's the Pr0n?

[ArcherB]

Would someone create a list that only contains public profiles with NSFW images?

Thanx

Re:FTFA

In this case I think it is a more of a matter of 'yeah so?'. I put my information on that website *SO* I could be found. Everyone else who links to me is doing the *EXACT SAME THING*. The whole point of this site as sold is to link you to your friends and family. Thats it. How do you find people? Oh yeah you search for them.

The usual internet problems exist. Do not put up there what you do not want other to know.

I am sure there are dozens of ways to abuse the information that is up there. But guess what *YOU HAVE DECIDED* to put it up there...

That you expect some sort of privacy from an application that by its nature is about being open and sharing whatever stupid thing you are doing is backwards.

If you do not want to be found facebook is not the place to be. It shares everything no matter what your 'settings' are. You have by its nature shared with at least 2 parties. Your friends and facebook. If you want to keep a secret you do not tell people who are known to tell others.

Sensational...ism

[RobM9999]

Sensationalism - A manner of over-hyping events, being deliberately controversial, loud, self centred or acting to obtain attention. It is also a form of theatre.

Yep, that's pretty much it.

Just because he found the super-secret directory, http://www.facebook.com/directory/ and wrote a program that would read it. Of all the evil, nefarious things to do.

Re:And now more people will know about it

[causality]

and get more information from those people. You stay classy slashdot.

Rest assured that the blackhats who want this information already know about it. As another user suggested, one potential abuse of this information would be to choose targets for social engineering attacks. But those who would exploit it did not just now hear about it. If anything it's the public that is often left behind.

If you don't want to see that reality then we cannot have a conversation about this. If you can see that reality, then I have one question for you: how do you propose we solve the bigger problem of raising awareness of the dangers and misuses of such databases without some publicity? The users who least understand how these things can be abused are generally the ones who are most actively making their personal information publically available. Everyone else either doesn't share the need for personal exhibition, uses false data, or takes a deliberate and calculated risk with any real data made available.

While I think it's an empty vanity personally, I'm not against someone making a public exhibit of themselves if that's what they wish to do. What I would like to see, however, is for those people to do this with a full awareness of how it could be used against them. The deck is somewhat stacked against them because the black hats thoroughly study how to misuse information, whereas the average user just wants to communicate with friends. That can change, and it really should.