Tuesday, October 30, 2012

Tale of a Man Who Bought Details of 1.1 Million Facebook Users for $5

Facebook SearchHow protective are you of your information?

Many of us share our contact information, current location and everyday thoughts on our Facebook profile without ever considering the possibility of that data ending up in the wrong hands.

Even more alarming is how easily said data can be collected and sold to anyone that’s willing to pay. The sales price doesn't have to be high, either.

As Bulgarian blogger and digital rights activist Bogomil Shopov recently discovered, a handy $5 can fetch the information tied to 1.1 million Facebook users.

According to his blog, Shopov purchased the list containing Facebook names, user IDs, email addresses, and vanity URLs from someone off Gigbucks for $5. In the description, the seller wrote that the data had been collected through Facebook apps, only included active users, and had great potential for anyone looking to offer a social media product or service. Spammers could also find this list useful, of course.

Shortly after making his purchase, Shopov was contacted by Facebook and instructed to send them the file, give them all the purchase details, disclose whether or not he’d shared it with anyone else, and promptly delete any copies he had. Oh, and don’t tell anyone what happened. We see how that went.

After conducting an investigation, Facebook determined that the information was collected by scraping public information and not through an app as the data seller claimed.

There was a bit of doubt that the information was scraped and not app-provided given that Shopov said that some of the email addresses he checked were not publicly displayed; however, it’s possible that the email addresses were visible at some point.

So what should we take from all of this? Well, if you’re a Facebook user, you should definitely:

  • Make sure your privacy settings are configured correctly (aka nothing is "public") to minimize the chances of your personal information being scraped from your profile.

  • Pay attention to what apps you install on your Facebook profile and ultimately give unlimited access to your information.


Failure to lock down your Facebook profile could lead to your data being sold, email address being added to a spammer's mailing list, or maybe even the loss of your job.

[via Forbes]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

No comments:

Post a Comment