Security consultant Ron Bowles trawled Facebook’s public directory and published ‘data’ on 100,000,000 users. Some people are up-in-arms about the leak, crying that ‘something must be done’, but not what. Few people seem to have looked at the data and given a coherent response. In fact, there’s nothing exciting.
The data is 2.8GB and I’ve spent the last twelve hours downloading it. Good news, everybody – it’s rubbish! Your bank details, email addresses and the name of your first born child are not there. Neither is your date of birth, your location, or a photo. A telephone directory contains more information on you.
The data is simply a list of names and a large file containing URLs to entries in the directory with seemingly no relation to the names.
There’s some other data which are derived works of the original file – these are described as follows:
Filename Description ------------------------------------------------------------------------- facebook.rb The script used to generate these files (v1) facebook.nse The script that will be used for the second pass (v2) facebook-urls The full URLs to every profile facebook-names-original All names, including duplicates facebook-names-unique All names, no duplicates facebook-names-withcount All names, no duplicates but with a count facebook-firstnames-withcount All first names (with count) facebook-lastnames-withcount All last names (with count) facebook-f.last-withcount All first initial last name (with count) facebook-first.l-withcount All first name last initial (with count)
So in summary, it’s a load of hot air.
What data appears for me? Looking through all the files – my name appears in facebook-names-unique once. And that’s it. According to Facebook’s directory, there are at least 192 people called Peter Hicks.