100 Million Facebook Pages Leaked On Torrent Site

Posted by CmdrTaco
from the so-many-pokes dept.
Stoobalou writes "A directory containing personal details about more than 100 million Facebook users has surfaced on an Internet file-sharing site. The 2.8GB torrent was compiled by hacker Ron Bowes of Skull Security, who created a web crawler program that harvested data on users contained in Facebook's open access directory, which lists all users who haven't bothered to change their privacy settings to make their pages unavailable to search engines."

  • Re:Well (Score:4, Informative)

    by Gi0 (773404) on Wednesday July 28 2010, @10:12AM (#33055960) Homepage
    No. This torrent contains:

    * The URL of every searchable Facebook user's profile
    * The name of every searchable Facebook user, both unique and by count (perfect for post-processing, datamining, etc)
    * Processed lists, including first names with count, last names with count, potential usernames with count, etc
    * The programs I used to generate everything

  • No, It's Just a List (Score:5, Informative)

    by eldavojohn (898314) * <my/.username@@@gmail.com> on Wednesday July 28 2010, @10:16AM (#33056010) Journal
    If you go to the originator [skullsecurity.org], here's all it contains:

    This torrent contains:

    * The URL of every searchable Facebook user's profile
    * The name of every searchable Facebook user, both unique and by count (perfect for post-processing, datamining, etc)
    * Processed lists, including first names with count, last names with count, potential usernames with count, etc
    * The programs I used to generate everything

    You're going to get a URL to pages. If the user has since made them inaccessible, you'll only get what you can from their public profile. Like, you cannot get to my friends list from my public profile. You'll get "potential" usernames to log into Facebook. Big deal. Remember when everyone could make a username for Facebook and that was also their profile URL? Well, now you can guess the most common names and add them to this list like david [facebook.com]. Then you could use ncrack or whatever.

    Not a whole lot in this file. Not like he scraped the pages of data and put that in a csv file for research or anything really interesting.

  • Re:FTFA (Score:5, Informative)

    by TubeSteak (669689) on Wednesday July 28 2010, @10:16AM (#33056016) Journal

    More likely it will precipitate a lawsuit. Why fix the problem when you can sue the pants off someone instead?

    Sue for what? Violating Facebook's ToS?

    I'm surprised TFA didn't link to the guy's blog. He has a good writeup there
    http://www.skullsecurity.org/blog/?p=887 [skullsecurity.org]

    The Torrent: http://www.skullsecurity.org/blogdata/fbdata.torrent [skullsecurity.org]

  • Re:Okay, so... (Score:2, Informative)

    by Anonymous Coward on Wednesday July 28 2010, @10:23AM (#33056118)

    The point is you don't have to hack anything, facebook just defaults to posting stuff that a hacker might otherwise have to hack in to get.

    For example, did you know that when you add a new email to facebook, it defaults to showing that email?

  • Re:Okay, so... (Score:3, Informative)

    by eldavojohn (898314) * <my/.username@@@gmail.com> on Wednesday July 28 2010, @10:31AM (#33056224) Journal

    This guy wrote a script to crawl Facebook and download everything he could.

    It's not even about that, it's about a guy who wrote a script to collect usernames of everyone on facebook which double as the URL for their profiles. From there you can go and scrape everything you want. You don't even get their public information that they can choose to display on the front page like religion or real name. That's not even on there. No images, just URLs which double as logins.

    This story is about a glorified crawler. No actual hacking transpired. No personal information that wasn't already revealed has been revealed. This is not news. In fact, I had to go back to TFS and double-check that kdawson wasn't the editor - that's how terrible this story really is.

    It's worse than that. It's about a glorified crawler that was augmented with common names to create a list of possible usernames [slashdot.org] and URLs for Facebook. If you gave me a glorified crawler that collected interesting data inside a csv, I'd actually be a little interested in using it. Hell, anyone can do this in perl by coding for five minutes but it would take days for the thing to complete with a risk of banning from Facebook.

    They say this in the article and from the original source [skullsecurity.org]. The summary is more than misleading and there's even less to say "big deal" about than you presupposed.

  • BFD... (Score:1, Informative)

    by Anonymous Coward on Wednesday July 28 2010, @10:33AM (#33056246)

    http://youropenbook.org/

  • Sensational...ism (Score:5, Informative)

    by RobM9999 (191476) on Wednesday July 28 2010, @10:34AM (#33056250)

    Sensationalism - A manner of over-hyping events, being deliberately controversial, loud, self centred or acting to obtain attention. It is also a form of theatre.

    Yep, that's pretty much it.

    Just because he found the super-secret directory, http://www.facebook.com/directory/ [facebook.com] and wrote a program that would read it. Of all the evil, nefarious things to do.

  • Re:Security Research (Score:3, Informative)

    by jeffmeden (135043) on Wednesday July 28 2010, @10:49AM (#33056440) Homepage Journal

    I'm sure Facebook will say this is a good thing, and that those users wanted that information made available since that seems to be their default position on security and privacy.

    Mark Zuckerberg actually said exactly that in a recent interview (with NPR, google it) when confronted with the question of "why not just make the default 'private'?" he quipped "We think users want to be seen". He is probably right, but there are way more people out there who are clueless about their privacy and mistakenly disclose tons of information than those who are well informed and intentionally disclose tons of information. Assuming the whole world is made up of perfectly informed adults who consent to sharing all of their information is a pretty big reach.

  • by xmousex (661995) on Wednesday July 28 2010, @11:03AM (#33056606) Journal

    A leak is something that happens when previously hidden information is then made publicly available by someone on the inside.

    The information here is available to anyone that wants it, someone just spent some time compiling the data, who had no affiliation with facebook.

  • by qwerty8ytrewq (1726472) on Wednesday July 28 2010, @11:20AM (#33056802) Journal
    The news here perhaps is that the marketing script-kiddies now have the data in a form they can go to spam-town with. Not really a leak, but an accessible-format conversion. I look forward to the statistics being crunched in amusing ways... % of "female" people who have the words "sex" and "city" and "2" and "terrible" in their data...98%
  • Just a spam List (Score:3, Informative)

    by Alien1024 (1742918) on Wednesday July 28 2010, @11:36AM (#33056988)

    Indeed, just a spam list but with facebook names instead of email addresses.

    Shouldn't come as a surprise to anybody, really. The moment you create a searchable profile, you know that is bound to happen.

  • Re:Security Research (Score:3, Informative)

    by mlts (1038732) * on Wednesday July 28 2010, @12:22PM (#33057548)

    Another thing is to have two FB accounts. One a public profile for your boss, professors, and others to see which has nothing but some random intelligent comments on it. The other your private one for friends, where all the pictures of you with the beer bong are well secured (as well as they can be on FB) from prying eyes.

    Like what the parent stated above, I've not bothered to do this because I feel that if it gets on FB, it will end up public anyways somehow.

  • by Bing Tsher E (943915) on Wednesday July 28 2010, @12:52PM (#33058074) Journal

    Can't you just bypass robots.txt with your ~/.wgetrc file?

    I know I have. Put the line:
    robots=off
    in it.

    I also put:
    no_parent=on
    and
    recursive=on
    to default to mirroring sites.

  • by John Hasler (414242) on Wednesday July 28 2010, @02:35PM (#33059662) Homepage

    So, yes, downloading these torrents would be illegal since they were obtained in a way that violates Facebook's TOS.

    Robots.txt is just a convention, not a law, and Facebook's TOS is just CYA grounds for them to terminate your account. If they respond to my GET by sending me a page they just gave me a copy of the page and I am free to disclose the contents of that page.
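
The two comments above turn on robots.txt being advisory: a client can switch it off, so a site operator who wants to know when that happens has to look at the access log. The sketch below is an added example, not part of the original thread or of any tool mentioned in it. It flags clients that requested paths a robots.txt disallows and records whether they ever fetched robots.txt. The robots.txt content, the log lines and the function name `find_robots_violations` are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.robotparser import RobotFileParser

# Constructed robots.txt for a hypothetical site (not Facebook's real file).
ROBOTS_TXT = """\
User-agent: *
Disallow: /directory/
"""

# Constructed access-log lines in combined log format, documentation IPs only.
SAMPLE_LOG = """\
192.0.2.10 - - [28/Jul/2010:10:00:01 +0000] "GET /robots.txt HTTP/1.1" 200 40 "-" "PoliteBot/1.0"
192.0.2.10 - - [28/Jul/2010:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "PoliteBot/1.0"
198.51.100.7 - - [28/Jul/2010:10:00:03 +0000] "GET /directory/people/A HTTP/1.1" 200 900 "-" "Wget/1.12"
198.51.100.7 - - [28/Jul/2010:10:00:04 +0000] "GET /directory/people/B HTTP/1.1" 200 900 "-" "Wget/1.12"
203.0.113.5 - - [28/Jul/2010:10:00:05 +0000] "GET /robots.txt HTTP/1.1" 200 40 "-" "Mozilla/5.0"
203.0.113.5 - - [28/Jul/2010:10:00:06 +0000] "GET /directory/people/C HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# client IP, request path, user agent
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"'
)


def find_robots_violations(robots_txt, log_text):
    """Return {ip: record} for clients that requested disallowed paths."""
    rules = RobotFileParser()
    rules.parse(robots_txt.splitlines())  # parse offline, no network fetch
    seen = defaultdict(
        lambda: {"fetched_robots": False, "disallowed_hits": 0, "agents": set()}
    )
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, path, agent = m.groups()
        rec = seen[ip]
        rec["agents"].add(agent)
        if path == "/robots.txt":
            rec["fetched_robots"] = True
        elif not rules.can_fetch(agent, path):
            rec["disallowed_hits"] += 1
    # Only clients with at least one disallowed request are reported.
    return {ip: rec for ip, rec in seen.items() if rec["disallowed_hits"] > 0}


if __name__ == "__main__":
    for ip, rec in find_robots_violations(ROBOTS_TXT, SAMPLE_LOG).items():
        print(ip, rec)
```

A client that hits disallowed paths without ever fetching robots.txt is ignoring the convention outright; one that fetched it and crawled anyway read the rules and chose not to follow them.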
