Facebook directory - personal details for 100 million users

July 29th, 2010, 06:27 AM
There's no exploitation in play here, just the wholesale harvesting and presentation of superficial data for roughly one-fifth of Facebook's half-billion strong user-base.

Ron Bowes, of Skull Security (http://www.skullsecurity.org/blog/?p=887), posted the torrent to the Pirate Bay after realizing that his pet project had become something that others might be interested in. He had basically crawled the Facebook directory, and indexed the results. What he got was a list 171 million entries long, representing 100 million unique users, their names, and their Facebook URLs. He packaged it all into a database and posted the 2.8GB file as a torrent (http://thepiratebay.org/torrent/5722635/Facebook_directory_-_personal_details_for_100_million_users).

It's important to note that there isn't any other information in the database. Shortly after word got out about the torrent, the BBC posted a story about it (http://www.bbc.co.uk/news/technology-10796584), and quoted a random user in the comments section as stating that it was "awesome and a little terrifying." Honestly, the only thing terrifying about any of this is the thought of going through the Facebook directory.

Bowes has stated that, though there isn't any real information aside from names and URLs in the database, any number of contact details may be present on a user's Facebook page -- it all depends on how that user has his privacy settings set. Basically, with this database in hand, a potentially malicious user could sift through all the names and come across the user he was looking for, see that user's Facebook landing-page (the little page with their name, picture, and a few friends) -- and that's about it.

But regardless of the harmless nature of the database, this torrent has become a big deal, because simply being in the cavernous Facebook directory is an option in itself. Now that there's a torrent containing the most basic contact information for 100 million users, that particular privacy setting has become null for the users on that list.

So, in the end, this is just one more reminder for everybody on Facebook to check their privacy settings.