Facebook users data could help researchers, creator says

Many people were surprised last week when they learned an online security consultant had managed to compile the names of 100 million Facebook users and publish them in an online database.

Ron Bowes, the man who created the file, told Consumer Ally he did it as part of a "password auditing" project for Nmap Security Scanner, a free and open source security tool online.

He e-mailed Consumer Ally about his decision to create and make the database accessible and the uproar over it.

Bowes, who is a developer for Nmap and also blogs at SkullSecurity.org said a small portion of Nmap's purpose is to audit passwords.
"Frequently, we run into the case where a company's conventions for creating usernames are known (for example, first initial last name), but we don't know the names of any employees," he said. "With this list in hand, we are now able to find the top 10, 50 or million usernames."

Bowes has pointed out that Facebook already has the data he used available available publicly. What Bowes did, however, was create a short script to parse the data and put it in a "user-readable format."

Bowes said he expects the information to be used for statistical data and describes it as the most complete and international list of names available. He said he made his database accessible to help other researchers like him and for sociological reasons.

"You can answer questions like 'what is the most common first name?' or 'what is the most common last name when somebody is named Joe or questions of that nature," he said. "Nothing groundbreaking, likely, but it is something that I don't think people could do before."

But critics worry whether the database could be used for the wrong reasons.

To that, Bowes says, "If I can do this then thousands of bad guys can too. By publicizing this, it at least draws attention to the potential issue."
Read Full Story

From Our Partners