Personal Info For 100 Million Facebook Users Harvested Into One File

Do you share your personal info with everyone on Facebook? If so, there’s a decent chance that data is now part of a file — containing information for around 100 million users of the social networking site — that’s now making its way around the Web.

The file was compiled by a security consultant who wanted to show how easy it was to harvest all the information from Facebook users who hadn’t made their profiles private. The info contained in the file does not include phone numbers, e-mail or postal addresses, though it’s conceivable that this information could be just as easily harvested.

Facebook poo-pooed the news, saying that the information on the shared file is already publicly available:

People who use Facebook own their information and have the right to share only what they want, with whom they want, and when they want… In this case, information that people have agreed to make public was collected by a single researcher and already exists in Google, Bing, other search engines, as well as on Facebook… No private data is available or has been compromised.

While it is true that all the information in the file is readily available because those users didn’t make their profiles private, a privacy expert complains to the BBC that the massive size of this data harvest shows that many Facebook users don’t understand their privacy settings:

It is inconceivable that a firm with hundreds of engineers couldn’t have imagined a trawl of this magnitude and there’s an argument to be heard that Facebook have acted with negligence… People did not understand the privacy settings and this is the result.

Details of 100m Facebook users collected and published [BBC]

Comments

Edit Your Comment

  1. Rectilinear Propagation says:

    Meh. It’s finding the people who aren’t racist “but” through youropenbook.org that makes public FB accounts fun.

    • Coles_Law says:

      Oh wow…I think I have a new time sink now.

    • pinkbunnyslippers says:

      I think this newsfeed just confirmed my decision to delete fb:

      Lafin Et Her&Ha Team Haha Cuse Dey No Bmonae Neva Need Bak Up I Run By Myself Ids Dat Y? U Hoes Realli Mad Lmafo Da Same Hoes I Gave My Address 2Bout 15x’sTimes An We Nva Hd Nbodi Bold Ot Click 2Cum.I Run Past Alt Talk Yea Alt”Tuff Talk”Bt I Laf Et Shid Lke Dat Dats Y I Keep Close Un2 Dn I Observe.U Arguen Ova Da Same Nigga I Ben Hd Dat Dick Yo Frans Mst Wana Em 2Jumpn N Yall Hoes Sick Aha.

    • Bakergirl says:

      Ummmmm, I just tried to put openfacebook.org as a link to my friend on facebook, and shockingly it treated it as spam. I then wrote directly in the message, nope it was now considered an ‘error’ or ‘unable to post’……So…..I wrote it as a sentence with spaces and that finally worked! FU facebook!

  2. DanRydell says:

    Wait, why is this evidence that people didn’t understand the privacy settings? Because people chose to make information available to everyone? I understand the privacy settings and I willingly allow some information to be viewed by anyone.

    • chefboyardee says:

      Good point. Me too. I use Facebook (albeit very sparingly), and leave some of my stuff public in case someone wants to find me.

    • Loias supports harsher punishments against corporations says:

      You are assuming everyone is like you and doesn’t care.

      Most people don’t realize the impact of publicising your information.

      All I want FB to do is default privacy to the most private and allow me to choose what level of opennes I want.

      • DanRydell says:

        I’m not assuming anyone is like me, I’m simply offering myself as a counter example to the claim that 100 million names in a file is evidence that people don’t understand facebook privacy settings. The only way you could base that claim on the existence of this file is if you assume that none of those people wanted their name to be publicly visible. That’s clearly not true. If their belief is that some PORTION of Facebook users would want that information to be private, then that is consistent with the contents of this file – the file only contains 20% of Facebook users.

        On the topic of privacy settings and confusion – has your name EVER been private by default?

        This whole thing is just silly – is it news to anyone that information they chose to make available to everyone actually IS available to everyone?

        It would be interesting to trawl facebook and do a sort of 6 degrees kind of thing though.

        • RvLeshrac says:

          One person, or a dozen, isn’t a counterexample. If, on the other hand, 50 million people piped up with “We WANTED to make our info public,” that would mean something.

          • DanRydell says:

            Comprehension FAIL. They have no basis for making the statement they made, therefore the statement is worthless.

          • psm321 says:

            You need a large portion of people to say something to go either way though. Them saying “many Facebook users don’t understand their privacy settings” also requires a bunch of people to pipe up and say they didn’t expect this data to be available.

    • AI says:

      There’s a big difference between allowing your name and phone number to be published in a phone book, and someone putting it on a billboard. The same applies here.

      • Dondegroovily says:

        Umm, no, not a big difference. The phonebooks have their info online, too, and the security consultant could have crawled them instead and still would have your address and phone number.

  3. chefboyardee says:

    So this is the equivalent of someone searching for me on Facebook, and I wasn’t smart enough to make my FB account private, so they have whatever I posted up there?

    This isn’t really shocking to me. And it’s not FB’s concern either. If you care about privacy, make your data private (or don’t use Facebook). If you don’t care about privacy, stay the course.

    I fail to see how this is Facebook’s problem, as explained by the “privacy expert” whining to the BBC. This is a PEBKAC problem, plain and simple.

    • chefboyardee says:

      …and that’s all assuming that anyone considers it to be a problem. I agree with DanRydell, a lot of people choose to make some of their data public, myself included.

    • Mr_Human says:

      From a business perspective, it surely is FB’s problem.

      • Pax says:

        How?

        Or are you one of those people who thinks that the manufacturor of, say, a firearm … is somehow responsible for every nefarious deed some subsequent lowlife might put it to?

    • TheWillow says:

      So did you guys hear that someone has made a GIANT LIST of everyone’s phone number?! And they published it in a BOOK! and they’re sending it to EVERYONE. For FREE.

      Zomg. Privacy!

      • TheWillow says:

        AND if you don’t want to be on it, you have to like, make your phone number unlisted/unsearchable! that should be standard!

      • MongoAngryMongoSmash says:

        Things are going to start happening to me now!

  4. Loias supports harsher punishments against corporations says:

    The reason the data is already available on “Google, Bing, other search engines” is because it is on Facebook, stupid!

  5. marlathetourist says:

    I dont really understand the impact here. So someone now has my name and the fact that I have a Facebook account. What’s private about that? Isnt that the point of Facebook?

  6. pantheonoutcast says:

    “The info contained in the file does not include phone numbers, e-mail or postal addresses”

    So then what does it have? The number of people who “Like” Twilight?

    • Gramin says:

      I’m assuming the consultant simply wanted to point out privacy issues instead of being a complete ass. That said, he decided to leave out phone numbers and email addresses that were publicly available.

      However, it would be just as easy for someone else to pull that information using the same procedure as this consultant.

      • Griking says:

        It sounds to me that this consultant is good at getting a lot of attention by telling people things that they already know.

  7. UltimateOutsider says:

    Facebook says I own my data, but unfortunately, they give me as a user absolutely zero ability to search that data within the Facebook interface, and the only management capability is the Delete button. You cannot change the privacy settings of an existing post, and the only way to locate old posts you made is to click “Older Posts” which might take you several hours, depending on how far back you want to go. I am annoyed that a third-party aggregator has more control over my data than I do.

  8. ArcanaJ says:

    Once again very, very glad I deleted my account.

  9. montusama says:

    I like engadget’s headline
    “100 million Facebook pages leaked to a torrent site, creating the world’s least exciting torrent”

    A very boring torrent indeed, but it sucks that the information can just be taken with this. I just checked my settings everything but photos i’m tagged in is set to friends only (photo’s I’m tagged in is friends of friends)

  10. AngryK9 says:

    I wonder if any of those people who “did not make their profiles private” were owners of profiles that Facebook was kind enough to make public during one of their multiple policy changes.

    Regardless, it’s simple. If you don’t want information about you getting out to people you don’t know, don’t post it online. Especially phone numbers! I know several people that have their cell phone number plastered all over their profile, who complain constantly about the number of prank calls, telemarketers, text message advertisements that they keep getting.

  11. Rectilinear Propagation says:

    The info contained in the file does not include phone numbers, e-mail or postal addresses, though it’s conceivable that this information could be just as easily harvested.

    If they wanted to prove that this was easily harvested then why didn’t they harvest THAT data?

    • DanRydell says:

      Ummm… if you can see it on someone’s public Facebook page, it can be harvested. So basically, it depends on privacy settings.

      • MMD says:

        Umm…you missed the point. If they really wanted to make an impact, they would have harvested the data to prove how easy it is. They didn’t. Why?

  12. umbriago says:

    There’s a funny one going around about a girl who, after constantly giving out her personal information, location, activities and every other detail of her life on Twitter, Facebook and Foursquare, was creeped out to find someone using that information to hit on her.

    It’s not so much Facebook that’s at fault, it’s people who are just living their life online without thinking of the consequences: privacy, once out of the bag, is impossible to reclaim.

    And yeah, youropenbook.org is a never ending stream of lives, jaw-droppingly lived. Try searching for “fucking slut” sometime. Or mom and jail.

    Hey I’m going on vacation = hey come over and rob my house!

  13. JonStewartMill says:

    Good luck to them. The only true thing in my FB profile is my name.

  14. Straspey says:

    I am not now, nor have I *ever* used or registered for, or participated on one of the so-called “social networking” sites. Having been connecting with people on the internet since the mid 1980’s, I have plenty of other resources with which to do this and am able to stay in touch very well with my friends and family.

    I use a very strong SPAM filter with my email client and maintain a “junk” email account for those times when I must provide an email address in order to register on a website or do business with a company on line.

    If I “Google” myself there at least ten pages of results for other people with the same (or similar) name as mine, until eventually a few statle references show up from ten years ago.

    And yes – I have lots of interesting and fascinating friends, most of whom could not care less that I’m standing on line at the bank behind some “hot” looking person, am about to have a hamburger at that new place everybody’s talking about.

    ZZZZzzzzzzzzzz

    The reason people post every bit of their lives on the internet is due to the fact that we now live in a society which communicates via the media – and with the ever-rising popularity of those “Reality TV” shows – we have less real interest in maintaining our privacy.

    On the contrary – we WANT everybody to know all about us.

    We all WANT to be celebrities.

    And if you’re a celebrity, you have a lower expectation of privacy.

  15. RayanneGraff says:

    The solution to this problem is quite easy- the only things you should post online are things you *want* people to know about you. I can’t believe that is so hard to figure out for so many people. I’m on Facebook & I’ve never had any problems with security. And keep your profiles private, people! I don’t even have any sensitive info on my profile & my shit is STILL almost completely locked down. Mainly so I can bitch about my job w/o getting in trouble with my manager, but still.

    I have friends that post their phone numbers, kids’ names/ages/schools, & even their ADDRESSES on there, and ALL of it is public too. Do they WANT to be harassed/stalked/robbed/raped??? Combined with TMI status updates every 5 minutes, it’s like handing out an index card with your address, phone number, daily schedule, & a list of your fears to every stranger on the street.

    • pot_roast says:

      “Do they WANT to be harassed/stalked/robbed/raped??”

      Oh yes, because EVERYBODY on Facebook gets harassed stalked robbed and raped. Paranoid much?

    • ktetch says:

      Nothing on my facebook profile is stuff that can’t be obtained elsewhere, namely my personal site, or wikipedia. In fact, Wikipedia has more info on me than facebook, including my DOB, hometown, school and university, even the city I now live in. Ah the perils of being ‘notable’

  16. Fair&Balanced says:

    So if I put personal information on the internet then people can read it???
    That is shocking!

  17. WeirdJedi says:

    I think the situation comes up when people just want to use a feature but get bombarded with questions that they feel need to be answered to use that said feature. So let us say that they want to talk to Billy using the built-in instant messenger on Facebook. They create an account and get asked “What is your name? What is your phone number? What do you like to do?” They feel obligated to answer despite that tiny skip button at the bottom.

    Then they think their information is kept within a small group. Most people are blissfully unaware that some of your information is actually given out publicly. They really don’t know. All they know is that they can talk to Billy now and nothing else matters.

  18. nonzenze says:

    Way to fail to actually include the link: magnet:?xt=urn:btih:e54c73099d291605e7579b90838c2cd86a8e9575&dn=Facebook+directory+-+personal+details+for+100+million+users

  19. MNGirl says:

    Really? Maybe if you aren’t smart enough to go in and change your privacy settings, you shouldn’t be on the internet, because you could easily get yourself in trouble, (phishing scams, viruses, ect)

  20. JonBoy470 says:

    Security wonk making the point that having your personal info on the Internet is dangerous. Move along, nothing to see here…

  21. Tank Fuzzbutt says:

    That’s why my cat has a Facebook account and I don’t. Wait a minute, I am a cat!

  22. Amy Alkon says:

    Regardless of privacy settings, people need to regard Facebook as the equivalent of a big bulletin board in the middle of a public park, because it may very well become that in many cases. Maybe Facebook won’t give it up to a subpoena for information, but a divorce attorney, for example, may be able to subpoena somebody you’ve friended who’s read your information.

    If you want to tell people things, best to have drinks with them. I use Facebook to cross-post stuff I post on my blog, to promote media appearances, and to “yay” friends when they post about their accomplishments. Anything else, it’s really a security risk.

  23. INsano says:

    Do you share your personal info with everyone on Facebook?

    You’re a tool.

  24. econobiker says:

    DATA MINING, YEAH HA!!!

    Demographic clusters, FTW!!!

  25. ktetch says:

    What’s really funny, is that the headline says ‘one file’, and yet the screenshot clearly shows 11.

    README 1.67 KiB
    facebook-f.last-withcount.txt.bz2 63.27 MiB
    facebook-first.l-withcount.txt.bz2 35.22 MiB
    facebook-firstnames-withcount.txt.bz2 15.62 MiB
    facebook-lastnames-withcount.txt.bz2 20.19 MiB
    facebook-names-original.txt.bz2 480.71 MiB
    facebook-names-unique.txt.bz2 457.13 MiB
    facebook-names-withcount.txt.bz2 455.16 MiB
    facebook-urls.txt.bz2 1.29 GiB
    facebook.nse 3.82 KiB
    facebook.rb 1.19 KiB

  26. Evil_Otto would rather pay taxes than make someone else rich says:

    It’s simple. Kill the Bat.. wait, wrong idea.

    It’s simple. Don’t give Facebook any information that you know isn’t available through public records. Facebook has my name, my spouse’s name, my email address (which I kind of wish they didn’t, but that’s the cost of having an account), the town I live in, and my date of birth. Except for the email address, anyone can look that information up at little cost other than their time.

    That’s all they have. I don’t worry about losing that information, because for the most part I’d lost it long before I signed up for Facebook.

  27. djudd says:

    has anyone bothered to run this by a computer savvy person?

    It’s a phone book. It’s just a big freaking phone book filled with names and the already public URL to the profile of the person.

    That’s it…no history of wall posts, no home address’s, no phone numbers. This is FUD pure and simple and doesn’t represent any type of security breach at all. Oh noes! There’s a flat text file out there with my name in it, quick Stranger Danger!

  28. Keter says:

    So what? If you don’t put anything on your Facebook profile that you don’t want others to know, who cares if others get a hold of that information? What I have a problem with is people who send me a friend request and have a locked-down profile so I can’t know who they are without friending them…one turned out to be an aggressive neo-Nazi who was proud that he was passing on his hate to his children. Unfriended immediately and felt like I needed to take a shower.

  29. Jimmy37 says:

    This is a lot of rubbish. Anyone who uses Facebook without setting their privacy options deserves what they get.

    I made my profile public and put exactly what I wanted people to see on it. It doesn’t have my birthday. I’m not worried if someone knows what town I live in. They can get that from any phone book or public database site. Everything else on my website is for my friends only. Can they make copies of stuff and post it elsewhere? Sure, But I don’t put anything on the web that I don’t want anyone to see, ever.