A compilation of Facebook pages (and personal information) of 100 million users of the popular social network is available for download on a torrent site, courtesy of hacker Ron Bowes of Skull Security.
Those pages are by no means secret – anyone who uses a search engine can view them, since the users in question haven’t tweaked their privacy settings in such a way as to be exempt from a search, and they are therefore part of Facebook’s open access directory. But there is no doubt that having them all in one place will be a godsend to anyone bent on data mining.
User names and profile page URLs are available in the torrent, and by following them, personal information (address, birth date, phone numbers, etc.), friends and their pictures can be viewed. What’s more, friends of those users, even friends who have opted to be non-searchable, can now be found by clicking through the profiles on the list.
To harvest all those pages, Bowes wrote a Ruby script that functions as a web crawler, and set it loose on the directory.
“But it occurred to me that this is public information that Facebook puts out, I’m assuming for search engines or whatever, and that it wouldn’t be right for me to keep it private. Why waste Facebook’s bandwidth and make everybody scrape it, right?” he says.
So, he fashioned a torrent that contains the URL of every searchable Facebook user’s profile, the name of every such user, some processed lists and the programs he used to generate everything, and leaked it on a torrent site.
A quick glance at the comments beneath the post will tell you immediately that there are quite a few ways of misusing this information. “Looks great as a dictionary for driving brute-force SSH/website attacks or similar. What’s the betting that there’s at least 10,000 users in that list whose password is some variation on their date of birth which, of course, they’ll publish too?” says one commenter, and I’m guessing he’s not the only one who thought of that.