PC World at Yahoo News reports on another security threat raising its head at Facebook. Read on to see if you’re affected. Please note that the “Pirate Bay” referenced below is the same Pirate Bay mentioned in my previous blog as being one of several controversial sites (including pedo-advocates NAMBLA) hosted at the Swedish ISP that also hosts Wikileaks.
“Security concerns over Facebook have been raised yet again after a security consultant collected the names and profile URLs for 171 million Facebook accounts from publicly available information. The consultant, Ron Bowes, then uploaded the data as a torrent file allowing anyone with a computer connection to download the data.
Simon Davies a representative of the U.K.-based privacy watchdog Privacy International accused Facebook of negligence over the data mining technique, according to the BBC. Facebook, however, told the British news service that Bowes actions haven’t exposed anything new since all the information Bowes collected was already public.
So what are the security risks? Should you be concerned? Let’s take a look.
What data was collected?
Ron Bowes, a security consultant and blogger at Skull Security, used a piece of computer script to scan Facebook profiles listed in Facebook’s public profile directory. Using the script Bowes collected the names and profile URLs for every publicly searchable Facebook profile. All together, Bowes said he was able to collect names and Web addresses for 171 million Facebook users. That’s a little more than a third Facebook’s 500 million users. (Click image above to zoom)
What did he do with the data?
Bowes compiled this list of text into a file and made it available online as a downloadable torrent.
How many people have downloaded the torrent?
The Pirate Bay lists 2923 seeds and 9473 leechers for the torrent file at the time of this writing. Seeds are people who have downloaded the entire file and are uploading to others. Leechers are actively downloading the file.
Is this a big deal?
That depends on who you ask. Facebook points out that some of the data Bowes collected was already available through search engines like Google and Bing. The entire data set is also available to any user signed into Facebook. So the data was already publicly available, and nobody’s private Facebook data has been compromised. Nevertheless, this is the first time that 171 million Facebook profile names have been collected into one set of files that can be easily analyzed and searched by anyone.
What could a malicious hacker use the data for?
As Bowes pointed out in a blog post, someone could use this data as a starting point to find other publicly available user data on Facebook. After all, you have to wonder how many of these 171 million Facebook users have publicly exposed e-mail addresses, phone numbers and other information on their profiles?
It has been proven time and again that the more a bad guy knows about you the greater your security risk is. Collecting personal data allowed a French hacker to steal confidential corporate documents at Twitter. Researchers were alarmed when Netflix wanted to release anonymous user data including age, gender and ZIP code for the Netflix Prize 2. Security researchers said the data dump by Netflix was irresponsible since it is possible to narrow down a person’s identity just by knowing their age and ZIP code. The contest was eventually canceled. One Carnegie-Mellon study also found a flaw in the social security numbering system that could allow a sophisticated hacker using data mining techniques to uncover up to 47 social security numbers a minute.
How do I know if my name was caught in the data dump?
From your Facebook profile dashboard click on ‘Account’ in the upper right hand side of your dashboard. Select ‘Privacy Settings,’ and then on the next page under ‘Basic Directory Information’ click on ‘View Settings.’ You should see a page similar to the image above. If the first listing called “Search for me on Facebook” is set to “Everyone.” Then chances are, your name and profile URL are in the torrent file. (Click image to zoom)
You should also check to see if external search engines like Google and Bing are indexing your profile. To do this go back to your main privacy settings page, and at the bottom click on the “Edit Settings” button next to “Public Search.” On the next page, if the “Enable public search” check box is ticked then search engines are indexing your profile. To stop this just uncheck the box and then click on “Back to Applications.”
My name is not in the public directory should I be concerned?
If you were not in the public directory Bowes says your name is not in the torrent file. However, you could be exposed to similar data mining techniques in the future. Bowes says that if any of your Facebook connections have made their friends lists public then your profile could easily be found through data mining your friends’ profiles.
What can I do to keep my information private?
The biggest concern isn’t so much about your name and profile URL being exposed. The greater concern, for you anyway, is the publicly available information contained on your profile page.
To protect yourself, you may want to reconsider your current privacy settings. To do that visit your Facebook profile’s Basic Directory Information page by following the steps listed above or just click here.”
On the top right of the page you should see a button that says “Preview My Profile.” Clicking that button will show you all the information you make public on Facebook. Data you may want to consider hiding includes your hometown, birth date, age, phone number, current city and e-mail address.
So what do you say? Is Bowes’ data dump making your rethink your Facebook profile settings or are you not concerned?
“Using the script Bowes collected the names and profile URLs for every publicly searchable Facebook profile.”
Eh… I don’t see how a profile URL is any type of private information.
It’s not public, strictly.
But, many people put things on their profile, believing it to be available only to “friends”.
In fact, unless they alter the settings, it can be seen by anyone.
Still, amassing the details in one place, is a problem, because it makes it that much easier for hackers and bad guys.
Plus you can see information through other “friends” profiles that might well NOT have been public..
Thanks for your post, however singling out ISP that hosts Wikileaks ( and previously hosted Pirate Bay ) smacks of hating to me.
For the record, I am not a fan of NAMBLA either – to get rid of them try talking to the IRS about their non-profit status or California or New York ( I don’t know which )as they are the listed locations of the corporation.
I honestly don’t understand your concern about the Facebook information. Data mining exists and is possible on any relatively new computer with an internet connection.
And seriously, information you post to Facebook becomes Facebook property and Facebook is the one who allows it to become public.
Maybe not doing business with ( i.e. creating an account with )companies like Facebook who sells your information to their ‘partners’, much like Microsoft, Google and Comcast do, would actually end up benefiting you in the end.
Slamming organizations dedicated to the dissemination of information to all people without cost of money or personal information seems like shooting one’s self in the foot.
Hi –
Thanks for your post. I appreciate it.
I don’t believe I “hated”. By the way, I do like to use that with an object..Hating what?
Pedophilia? The issue wasn’t pedophilia. I mentioned NAMBLA as an example of the controversial nature of the ISP, not especially to pick on NAMBLA.
However, it is a fact that pedophilia and NAMBLA has a connection with intelligence ops that use sexual blackmail tactics….
You write “slamming organization dedicated to dissemination of information…without cost…”
Are you serious?
I didn’t slam. I pointed out that many default settings are very intrusive and alerted readers to it.
And these guys aren’t disseminating information as a service. They offer these freebies so that they can mine data and turn around and sell the stuff.
There’s more and more centralizing of this stuff.
It’s nothing but dangerous, especially for kids who post all kinds of personal junk without fully being aware of the repercussions.
Pingback: Bill Engdahl: Something Stinks About Wikileaks | LILA RAJIVA: The Mind-Body Politic
Greetings once again and thanks for your response.
Checking my ego at the door and reading your article, my post and your response; I can see that it may be possible that I overreacted to what I saw at the time as an attack on prq.se.
With the negative press that Julian Assange and Wikileaks are getting these days, I felt the need to defend the current ( though with the assistance of the Pirate Party in Sweden, perhaps not future ) hosting ISP.
The slamming comment was in regard to prq, not facebook. Again, obviously my passion got in the way of my argument. Reading your response, I can see that we are in agreement regarding the ( in my mind ) thoughtlessness of many who use facebook as their lives and the information they, as you correctly point out, freely disclose.
When people ask me about why I don’t have an active facebook page, I always point them to the South Park episode “You Have 0 Friends”. This obviously doesn’t even address the issues you raise, however makes more sense to most people than going into a rant about privacy.
After all, Mr. Zuckerberg can’t be wrong about privacy when he was so right about Facebook, right? ( I say facetiously )
In the end I want to thank you for your insightful article and will take the time to read more of your work.
Lycka till
Thanks…
Privacy is very important to me..which is why I’m not much of a fan of Assange and wikileaks..
I daresay I’m in a minority on that, but a very well informed and sharp minority.
There’s far more than meets the eye in the whole story
Thanks for your reply.
I admit ( nay, claim ) ignorance in a universe of issues.
If you have information or links, I would be appreciative
Never mind, found your list