Skull Security Offers Up 100 Million Facebook Profiles to Anybody

Facebook has struggled with privacy issues.
Facebook has struggled with privacy issues.

Facebook's been beaten to a pulp over privacy issues, but the latest flap is someone else's doing. Skull Security, an Internet security consultant, has noodled around on Facebook's public directory, which lists all the users' public profiles that haven't been checked off as non-searchable on the Internet.

And what did Skull Security land with this fishing expedition? Plenty. It collected information on 100 million Facebook users, according to a post on Skull Security this week and made the data available to anybody with Internet access and 3 gigabytes of free storage space.

That's 1 out of every 5 Facebook users, based on the company's recently touted benchmark of surpassing 500 million users.

Database of Facebook Users

In extracting the data en masse from the Facebook directory, Skull Security has, in essence, created a one-stop shop for information on Facebook users. Here's what the folks at Skull Security collected, according to their post:

  • The URL of every searchable Facebook user's profile.

  • The name of every searchable Facebook user, both unique and by count (perfect for post processing, data mining, etc)

  • Processed lists, including first names with count, last names with count, potential usernames with count, etc.

  • The programs used to generate everything.

Will there be any takers for this directory torrent? And Skull Security is also advocating that those who download his copy also host it and offer it up for others to download, kind of a Johnny Appleseed approach.

So, should folks who had their searchable Facebook profiles in the directory worry? The person behind Skull Security seems to think so, according to his blog post:

I realized that this is a scary privacy issue. I can find the name of pretty much every person on Facebook. Facebook helpfully informs you that "[a]nyone can opt out of appearing here by changing their Search privacy settings" -- but that doesn't help much anymore considering I already have them all (and you will too, when you download the torrent). Suckers!

Probably Not Harmful, But...

But in terms of creating additional financial or physical harm to people by further populating the Internet with their user profile information that is already searchable? Not likely. Nonetheless, Skull Security noted:

Once I have the name and URL of a user, I can view, by default, their picture, friends, information about about them, and some other details. If the user has set their privacy higher, at the very least I can view their name and picture. So, if any searchable user has friends that are non-searchable, those friends just opted into being searched, like it or not! Oops :)

Andrew Noyes, a Facebook spokesman, had this to say in a statement:

People who use Facebook own their information and have the right to share only what they want, with whom they want, and when they want.Our responsibility is to respect their wishes. In this case, information that people have agreed to make public was collected by a single researcher. This information already exists in Google, Bing, other search engines, as well as on Facebook. No private data is available or has been compromised.

Similar to the white pages of the phone book, this is the information available to enable people to find each other, which is the reason people join Facebook. If someone does not want to be found, we also offer a number of controls to enable people not to appear in search on Facebook, in search engines, or share any information with applications.