The privacy weaknesses of social networks are once again in the spotlight, after a security consultant shared details of millions of Facebook users online
The personal details of 100 million Facebook users have been published online by a security analyst, in a stunt intended to expose the social network’s privacy weaknesses.
Ron Bowes, a consultant at Skull Security, used a simple piece of code to “scrape” Facebook profiles, collecting data that was not hidden by users’ privacy settings – including names and profile URLs. The information has been shared on BitTorrent site The Pirate Bay, and has reportedly been downloaded by more than 1,000 users.
Despite a recent rash of privacy concerns – surrounding the launch of its instant personalisation feature and universal “like” button, as well as the fallout over the changes to its privacy settings – Facebook seems remarkably unconcerned by this latest issue. A representative of the social network told BBC News that the information in the list was already freely available online.
“People who use Facebook own their information and have the right to share only what they want, with whom they want, and when they want,” said Facebook. “In this case, information that people have agreed to make public was collected by a single researcher and already exists in Google, Bing, other search engines, as well as on Facebook. No private data is available or has been compromised.”
However, as Bowes points out, “If 100,000 Facebook users decide that they no longer want to be in Facebook’s directory, I would still have their name and URL but it would no longer, technically, be public.”
Some experts claim that Facebook should be taking more responsibility for the privacy and security of its customers, and should have measures in place to prevent attacks.
“It is inconceivable that a firm with hundreds of engineers couldn’t have imagined a trawl of this magnitude and there’s an argument to be heard that Facebook have acted with negligence,” said Privacy International’s Simon Davies.
“They can continue to ride the risk and hope nothing cataclysmic occurs, but I would argue that Facebook has a special responsibility to go beyond doing the bare minimum,”he added.
Meanwhile, life assistance company CPP is warning social networkers of the dangers of putting their personal information on the site, and encouraging people to take responsibility for their own online safety.
“The growth of Facebook over the last few years has been phenomenal and people are becoming more comfortable with sharing their lives online. But Facebook users should never put their full dates of birth or home addresses on the site, no matter how high they set their privacy settings.” said Nicole Sanders, identity fraud expert at CPP.
“Privacy settings systems, regardless of the website, will never be a deterrent to sophisticated fraudsters, so it’s vital that users treat anything they put online as public content,” she added.
Last week, Facebook founder Mark Zuckerberg announced that the social network now has more than 500 million registered users, just six years after it was first launched. Writing on the Facebook blog, Zuckerberg described this as “an important milestone”, and thanked users for helping to spread the site around the world.