Ron Bowes, an online security consultant, had a thought which he put down on paper so that all the “ingenious” people might be informed. The first and last names (and similar lists) of 100 million users on Facebook are not a remarkable discovery. There is no delight in owning anything unshared. The information “exposed” is entirely public knowledge and searchable in Google, Bing and so on. Users, knowingly or unknowingly, have chosen to be found in this fashion. David Harley’s blog discusses and references other sources that talk about Facebook privacy.
The torrent available for download consists of archived text files. The information in the text files was extracted using a Ruby script and an Nmap Scripting Engine (NSE) script, which are available in the torrent too.
The description of each file is as follows:
| Filename | Description |
|---|---|
| facebook.rb | The script used to generate these files (v1) |
| facebook.nse | The script that will be used for the second pass (v2) |
| facebook-urls | The full URLs to every profile |
| facebook-names-original | All names, including duplicates |
| facebook-names-unique | All names, no duplicates |
| facebook-names-withcount | All names, no duplicates but with a count |
| facebook-firstnames-withcount | All first names (with count) |
| facebook-lastnames-withcount | All last names (with count) |
| facebook-f.last-withcount | All first initial last name (with count) |
| facebook-first.l-withcount | All first name last initial (with count) |
In this case, the information revealed may not cause major privacy issues for its users. This might not be the case in the future. Worst-case scenarios are left up to the human imagination. We probably don’t want another Ron Bowes-inspired action to reveal our online identity and information with such ease. Care should be taken to protect it by understanding the privacy controls (http://www.facebook.com/privacy/explanation.php) and not sharing too much.
Tasneem Patanwala
Malware Researcher