Facebook torrent hack makes free download of personal user data

a geek and poke cartoon lampooning facebook

The Facebook torrent hack mined the personal information of 171 million Facebook users and made the data free for anyone to download. Geek and Poke illustration.

The Facebook torrent is a file of data on Facebook that a hacker mined and made available free for anyone who wants it. Ron Bowes wrote a web crawling code that scraped the Facebook directory for details about 171 million Facebook users. Bowes put the 2.8 GB file online as a torrent. Facebook said the Facebook torrent is no big deal — it just contains information on users anyone can get from a Facebook search. But others say the Facebook torrent is another indictment of Facebook privacy policy, and users should be concerned.

Facebook torrent exposes 171 million Facebook users

The Facebook torrent contains names, profile URLs and unique user IDs for 171 million Facebook members. Daily Tech reports that Bowes, who heads a company called Skull Security, posted the Facebook torrent on Pirate Bay. As of the morning of July 28, the Facebook torrent had about 13,000 active downloads on Pirate Bay. The data that Bowes scraped and packaged contains information Facebook users have either chosen to share or neglected to protect. Facebook users who have locked their privacy settings to friends only aren’t listed in the Facebook torrent.

Facebook privacy issues

The Facebook torrent emerges after multiple changes have been made to Facebook privacy settings to make user data more accessible for commercial use. In a statement to BBC News, Facebook said personal information people have “agreed to make public” was collected by a researcher, and that no one’s privacy has been compromised. However, Tech Crunch said with the advent of the Facebook torrent hack, now would be a good time for the default Facebook privacy settings to change to “Friends Only.” Letting “Everyone” see your Facebook information includes a hacker who can grab your personal data, package it and sell it to the highest bidder.

Personal data on Facebook torrent can never be deleted

Facebook said the personal information mined and distributed in the Facebook torrent can be found by anyone on Google, Bing or Facebooksearch. But Future of the Internet makes the point that the Facebook torrent is a snapshot of Facebook’s directory that lasts forever. Going forward when users delete their accounts or restrict their Facebook privacy settings, that personal information remains available to the world on the Facebook torrent.

Facebook torrent hacker targets friends of users

In addition to the personal data for one fifth of all Facebook users, the Facebook torrent contains the programs Bowes used to mine the data. Tech Crunch said in a post describing his hack, Bowes wrote that so far, he’s only indexed searchable users, but he wants to go after their friends next. Until Facebook switches to friends only by default, which is unlikely, users opt out:

Go to Account > Privacy Settings > Applications, Games, and Websites (link near the bottom, in a box) > Public Search > (Uncheck box).

Other recent posts by bryanh