Details of 100m Facebook users collected and published

Mark200 · 30-07-2010 07:52PM

messymess wrote: »

God knows what else he scraped! Peoples walls, their pics?

As said many times already, the only information in the files is the name and profile url of a user.

PogMoThoin · 30-07-2010 07:55PM

Mark200 wrote: »

As said many times already, the only information in the files is the name and profile url of a user.

If someone can scrape 100m profile url's without getting detected or ringing alarm bells, just how lax is the security or do they even give a shít?
Glad I'm not a Facebook user

Mark200 · 30-07-2010 07:57PM

PogMoThoin wrote: »

If someone can scrape 100m profile url's without getting detected or ringing alarm bells, just how lax is the security or do they even give a shít?
Glad I'm not a Facebook user

You don't know how it was done, and over what time period it was done.

The security is as lax as a user sets it to be.

messymess · 30-07-2010 07:58PM

Mark200 wrote: »

As said many times already, the only information in the files is the name and profile url of a user.

...and what other information did he scrape in the process that hasn't been published yet?

How many other people are scraping the site right now, going one better and one further?

It's a far bigger issue than just this one incident.

PogMoThoin · 30-07-2010 08:01PM

Mark200 wrote: »

The security is as lax as a user sets it to be.

Not the user set security, the security on the servers the info is stored on. How secure are they? Boards.ie got hacked, what are Facebook doing to prevent the same, has it already happened. Facebook is a much bigger target

30-07-2010 08:01PM

PogMoThoin wrote: »

If someone can scrape 100m profile url's without getting detected or ringing alarm bells, just how lax is the security or do they even give a shít?
Glad I'm not a Facebook user

That's incredibly easy to do. Do you have any idea how many requests are made to the Facebook site on average per day? There's no way to combat someone scraping public information.

Mark200 · 30-07-2010 08:02PM

messymess wrote: »

...and what other information did he scrape in the process that hasn't been published yet?

How many other people are scraping the site right now, going one better and one further?

It's a far bigger issue than just this one incident.

The scripts he (claimed) he used are included in the download.

If you read the article, you would have seen that he claims to have done this in order to highlight the lax security in which you're referencing... so to call someone who gathered everyone's name and profile url in order to highlight facebook security concerns as a "complete cock sucker" is at best childish, but in reality extremely idiotic.

He's taking your corner. Or, really, you're taking his without realising.

30-07-2010 08:03PM

PogMoThoin wrote: »

Not the user set security, the security on the servers the info is stored on. How secure are they? Boards.ie got hacked, what are Facebook doing to prevent the same, has it already happened. Facebook is a much bigger target

What does that have to do with the topic? What is any website doing to prevent hacks? Are you aware of any successful hacks? Why is Facebook more susceptible than Amazon or Ebay, where they have your credit card details?

orourkeda · 30-07-2010 08:04PM

Henrietta like cheeseburgers.

I'm sure nasa are whacking off as we speak.

Mark200 · 30-07-2010 08:05PM

PogMoThoin wrote: »

Not the user set security, the security on the servers the info is stored on. How secure are they? Boards.ie got hacked, what are Facebook doing to prevent the same, has it already happened. Facebook is a much bigger target

Well there's a huge difference between scraping publicly available info, and actually hacking into the servers. I don't know how I was supposed to know you were talking about hacking when the only thing you talked about in your post was scraping public info.

They haven't been hacked, yet. So that says something. We don't know how secure their servers are... so there's no point getting your panties in a knot over a problem that may or may not exist.

PogMoThoin · 30-07-2010 08:11PM

Mark200 wrote: »

They haven't been hacked, yet. So that says something. We don't know how secure their servers are... so there's no point getting your panties in a knot over a problem that may or may not exist.

You don't know that, Boards got hacked and immediately went public on it, how many sites get hacked and keep it quiet rather than face the embarrasment?

Mark200 · 30-07-2010 08:14PM

PogMoThoin wrote: »

You don't know that, Boards got hacked and immediately went public on it, how many sites get hacked and keep it quiet rather than face the embarrasment?

Facebook has 1,400 employees. I find it extremely hard to believe that a social networking site as high-profile has Facebook could cover up something like that.

Not to mention the fact that hackers usually hack for the glory... whoever successfully hacked Facebook and got a significant amount of private user information would not keep it quiet.

PogMoThoin · 30-07-2010 08:18PM

Mark200 wrote: »

Facebook has 1,400 employees. I find it extremely hard to believe that a social networking site as high-profile has Facebook could cover up something like that.

Not to mention the fact that hackers usually hack for the glory... whoever successfully hacked Facebook and got a significant amount of private user information would not keep it quiet.

http://www.tomsguide.com/us/Facebook-Mark-Zuckerberg-Social-Networking-privacy-security,news-6794.html

Mrmoe · 30-07-2010 08:19PM

Facebook is no different from any other online resource such as an email providers like Gmail. Someone tried to access/login my facebook profile from the USA at the start of the week. I received a notification indicating this and subsequently changed my password. If somebody wanted to get good information about me they would be better off hacking my email accounts. There would be juicier information in there. If you don't want information available on the net then don't post it.

messymess · 30-07-2010 08:19PM

Mark200 wrote: »

The scripts he (claimed) he used are included in the download.

If you read the article, you would have seen that he claims to have done this in order to highlight the lax security in which you're referencing... so to call someone who gathered everyone's name and profile url in order to highlight facebook security concerns as a "complete cock sucker" is at best childish, but in reality extremely idiotic.

He's taking your corner. Or, really, you're taking his without realising.

The article I read claims he compiled this list to put together the most "common names" for use in password attacking scripts, not as a privacy crusade to fight the good fight for Facebook users. I'll reserve further judgement until I find out more about this guy, his activities and I download the data but the term that's bandied about the industry is "responsible disclosure", I don't believe this fits the bill, he behaved irresponsibly to stroke his own ego ..... why didn't he publish the data anonymously?

Mark200 · 30-07-2010 08:21PM

PogMoThoin wrote: »

http://www.tomsguide.com/us/Facebook-Mark-Zuckerberg-Social-Networking-privacy-security,news-6794.html

So you never said stupid things that you didn't mean when you were 19? Fair play.

Mark200 · 30-07-2010 08:24PM

messymess wrote: »

The article I read claims he compiled this list to put together the most "common names" for use in password attacking scripts, not as a privacy crusade to fight the good fight for Facebook users. I'll reserve further judgement until I find out more about this guy, his activities and I download the data but the term that's bandied about the industry is "responsible disclosure", I don't believe this fits the bill, he behaved irresponsibly to stroke his own ego ..... why didn't he publish the data anonymously?

What on Earth difference would publishing the data anonymously make?

You can find out the most "common names" from any census website or statistics website on the internet. You don't need to crawl facebook to get that kind of information.

temply · 30-07-2010 08:24PM

orourkeda wrote: »

Henrietta like cheeseburgers.

I'm sure nasa are whacking off as we speak.

30-07-2010 08:26PM

PogMoThoin wrote: »

http://www.tomsguide.com/us/Facebook-Mark-Zuckerberg-Social-Networking-privacy-security,news-6794.html

I have a friend in AIB who tells me he'll get me any account information I want on any customer. Says he's already looked up my credit record. Doesn't mean crap, it's a couple of friends joking around. Where's the follow on conversation where he actually gave out information?

PeakOutput · 30-07-2010 08:27PM

non issue to be honest

IM0 · 30-07-2010 08:28PM

did your mammy not ever tell you to not accept sweets from strangers, people make choices, they live with the consequences

I joined up this year, first thing I did was go around deciding who I would let see what.

messymess · 30-07-2010 08:38PM

Mark200 wrote: »

What on Earth difference would publishing the data anonymously make?

Because I believe he's trying to inflate his ego and presence within his industry by doing this. If his intentions were entirely pure the data would speak for itself and would ultimately have the same effect, regardless of whether his name has anything to do with it or not. He also violated Facebooks T&C's by doing this and I'd be interested to see what the data protection commissioner has to say about it.

You can find out the most "common names" from any census website or statistics website on the internet. You don't need to crawl facebook to get that kind of information.

Yep, this is partly my point! This is what he says he gathered the data for. Why does he need to publish it even.

Bob the Seducer · 30-07-2010 10:18PM

messymess wrote: »

Because I believe he's trying to inflate his ego and presence within his industry by doing this. If his intentions were entirely pure the data would speak for itself and would ultimately have the same effect, regardless of whether his name has anything to do with it or not. He also violated Facebooks T&C's by doing this and I'd be interested to see what the data protection commissioner has to say about it.

Yep, this is partly my point! This is what he says he gathered the data for. Why does he need to publish it even.

He seems to be little more than an ethically dubious self publicist who's previous torrent releases appear to include hd porn and cracked copies of Counter Strike.

By releasing this database of publicly available info, he gets publicity for himself, his "security" company and their next software release - which is a brute force username and password cracker.

Mark200 · 31-07-2010 12:25AM

messymess wrote: »

Because I believe he's trying to inflate his ego and presence within his industry by doing this. If his intentions were entirely pure the data would speak for itself and would ultimately have the same effect, regardless of whether his name has anything to do with it or not. He also violated Facebooks T&C's by doing this and I'd be interested to see what the data protection commissioner has to say about it.

Well first of all, he used his name to publicise what has been done. If some anonymous randomer uploaded the torrent in question to tpb without any publicity surrounding it, I doubt anyone would ever even notice... never mind it hitting the news.

Second of all, he has (apparently) been warning about Facebook's privacy protections for a long time... of course he'll want credit for any achievements in making Facebook strengthen their privacy protections.

What part of Facebook's T&C's did he violate? Probably something very tame about automated scripts. I doubt the data protection commissioner would have very much to say about making publicly available information searchable... *cough* Google *cough* Bing *cough* any search engine *cough*.

messymess wrote: »

Yep, this is partly my point! This is what he says he gathered the data for. Why does he need to publish it even.

Actually, the original point you were trying to make was that his gathering of Facebook's most popular names could be used for some sort of password cracking. Hence my reply stating that the same information about the world's most common names could be easily gathered from the census.

I think the reason he published it is, as you said, some sort of ego boost as well as the fact that he probably believes that he has proven something. He hasn't. He thinks he has shown something, when in fact he has just provided us with a search engine for Facebook's public information that Facebook already provides us a search engine for.

Details of 100m Facebook users collected and published

Comments