Security specialist Ron Bowes has once again proven how easy it is to glean valuable user information from Facebook, by spidering Facebook’s online directory and compiling it all into one neat little torrent that could be downloaded off his site, SkullSecurity.com. Bowes created a torrent containing over 171 million entries with links to profiles that provide access to the names, addresses and phone numbers of 100 million users, one fifth of Facebook.

Bowes accessed Facebook’s directory, which has the default dictum “Anyone can opt out of appearing here by changing their Search privacy settings.” Yeah, but should they have to? These kinds of security breaches will only encourage more hackers desperate for attention. Now would be a good time for Facebook to set their default search to “Friends Only.” Why? Because most people aren’t quite aware that the check mark next to “Everyone” includes a hacker who can grab your personal info, package it up and sell it to the highest bidder.

According to Bowes the torrent contains (at 2.8 GB, our torrent is “still downloading”) …

* The URL of every searchable Facebook user’s profile.
* The name of every searchable Facebook user, both unique and by count (perfect for post-processing, datamining, etc).
* Processed lists, including first names with count, last names with count, potential usernames with count, etc.
* The programs [Bowes] used to generate everything [which makes it easy for other hackers to replicate the process]

While the advice to an individual user to change your privacy settings may be moot at this point, the suggestion that Facebook make its profiles unindexable by default isn’t. Especially when you read the more ominous statement from Bowes further on in his post on the breach, “So far, I have only indexed the searchable users, not their friends … I’d like to tackle that in the future.”

Resource From http://techcrunch.com/2010/07/28/hacker-proves-facebooks-public-data-is-public/
Interesting read, but then you realize who really cares who has your address. There are plenty of people you encounter every day that could follow you and kill you, but they don't. If they don't want to harm you, then they might market to you, but that will cost them $$ so it's not limitless. As long as they aren't scraping results for my bedroom activities it's assumed you don't care who knows what you put online, cause well, it's online.
Apparently, Apple, the BBC, Bertelsmann Media, Boeing, Cisco Systems, Deutsche Telekom, Disney, Duracell, Ernst & Young, Fujitsu, Goldman Sachs, Halliburton, Hitachi, HP, IBM, Intel, Lockheed-Martin, Lucasfilm, Mitsubishi, Motorola, Novell, Nvidia, Pepsi Cola, Procter and Gamble, Sega, Siemens AG, Sony, Sun Microsystems, Symantec, Time Warner, Viacom and Vodafone. Of course, the fact that a download is being requested by a particular company's computer doesn't mean that it's an officially-sanctioned download by that organisation. But it might be. http://www.thinq.co.uk/2010/7/30/big-businesses-download-facebook-user-torrent/