Hacker Harvests 100M Facebook Profiles and Publishes Data: Who's At Risk?

"People did not understand the privacy settings and this is the result"


A number of Facebook users are panicking following news that a Canadian security researcher has harvested the data of 100 million Facebook users into a single, easily searchable file. The man's name is Ron Bowes, and he has collected profile information from about a fifth of all Facebook users. That data is now stored in a 2.8GB file that anyone can download. The information Bowes indexed was already public, leading some to downplay the news. Others are urging Facebook to make information private by default, rather than forcing users to adjust their privacy settings. Here's why Bowes made the database and who's at risk:

  • His Intentions: Chris Morran at the Consumerist explains: "The file was compiled by a security consultant who wanted to show how easy it was to harvest all the information from Facebook users who hadn't made their profiles private. The info contained in the file does not include phone numbers, e-mail or postal addresses, though it's conceivable that this information could be just as easily harvested."
  • What Did He Collect? Jemima Kiss at The Guardian explains: "The data Bowes pulled included account names, profile URL and contact details - and also the names of those users' friends, even if they have chosen not to be listed in search engine results. While alarming that Facebook's information should be harvested in this way, it is not illegal."
  • This Is Awful, says Simon Davies of the watchdog group Privacy International: "Facebook should have anticipated this attack and put measures in place to prevent it. It is inconceivable that a firm with hundreds of engineers couldn't have imagined a trawl of this magnitude and there's an argument to be heard that Facebook have acted with negligence."
  • It's Not a Big Deal, writes Adam Frucci at Gizmodo: "Feel free to go download it, but if you're looking for juice on a particular person, you could just as easily get it by searching Facebook for them. You'll get the same info." Matthew Rogers at Download Squad agrees: "Basically, with this database in hand, a potentially malicious user could sift through all the names and come across the user he was looking for, see that user's Facebook landing-page (the little page with their name, picture, and a few friends) -- and that's about it." Dan Nosowitz at Fast Company is in the same camp.
  • Facebook Should Make Its Pages Unindexable By Default, writes Alexia Tsotsis at TechCrunch: "While the advice to an individual user to change your privacy settings may be moot at this point, the suggestion that Facebook make its profiles unindexable by default isn’t. Especially when you read the more ominous statement from Bowes further on in his post on the breach, 'So far, I have only indexed the searchable users, not their friends … I’d like to tackle that in the future.'"
This article is from the archive of our partner The Wire.