When is a hack not a hack? With all the brouhaha over privacy lately, no doubt Facebook users would be disturbed to know that their details might have surfaced on an internet file sharing site.
According to British site Thinq, the directory was compiled by hacker Ron Bowes of Skull Security using a web crawler program. The 2.8GB torrent reportedly contains 171 million entries, relating to 100 million individual users. Facebook claims a total user base of 500 million.
The file contains user account names and a URL for each user’s profile page, which could contain details such as addresses, dates of birth or phone numbers.
The problem is that Bowes didn’t have to use his hacking skills to break into the Facebook site to compile his directory – he simply harvested publicly available data from Facebook’s open access directory. The affected users all have one thing in common – they hadn’t changed their privacy settings to make their pages unavailable to search engines. However, visiting an user’s profile from this directory would also allow you to click through to their friends’ profiles, even if the friends had not made their profiles searchable.
Privacy has been a big issue for Facebook in the past, though the debate has quietened down since the last big tranche of privacy setting changes in May. The latest news is sure to raise the question about whether the default settings should be more protective of user data.