Facebook Data 'Leak' – it's not news, people

Security consultant Ron Bowles trawled Facebook’s public directory and published ‘data’ on 100,000,000 users. Some people are up-in-arms about the leak, crying that ‘something must be done’, but not what. Few people seem to have looked at the data and given a coherent response. In fact, there’s nothing exciting.
The data is 2.8GB and I’ve spent the last twelve hours downloading it. Good news, everybody – it’s rubbish! Your bank details, email addresses and the name of your first born child are not there. Neither is your date of birth, your location, or a photo. A telephone directory contains more information on you.
The data is simply a list of names and a large file containing URLs to entries in the directory with seemingly no relation to the names.
There’s some other data which are derived works of the original file – these are described as follows:

Filename                        Description
-------------------------------------------------------------------------
facebook.rb                     The script used to generate these files (v1)
facebook.nse                    The script that will be used for the second pass (v2)
facebook-urls                   The full URLs to every profile
facebook-names-original         All names, including duplicates
facebook-names-unique           All names, no duplicates
facebook-names-withcount        All names, no duplicates but with a count
facebook-firstnames-withcount   All first names (with count)
facebook-lastnames-withcount    All last names (with count)
facebook-f.last-withcount       All first initial last name (with count)
facebook-first.l-withcount      All first name last initial (with count)

So in summary, it’s a load of hot air.
What data appears for me? Looking through all the files – my name appears in facebook-names-unique once. And that’s it. According to Facebook’s directory, there are at least 192 people called Peter Hicks.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.