Facebook Insecurity and Privacy

The ever-growing Facebook saga has reached a new chapter and a new low.

Facebook has been receiving the ire of the privacy and security community for all of 2010.  Yesterday, security researcher Ron Bowes of SkullSecurity found a new vulnerability, and this one is huge.

From Facebook's Directory page (https://www.facebook.com/directory) you can get a list of every searchable user on Facebook.

Ron put together a Ruby script that harvested over 171 million names, usernames, and profile URLs.  You could easily add a picture and location information to this dataset and have a nice data-mining project on your hands. 

With this dataset as a baseline we could start crawling other social networking and media sites for similar user names, location information, and attempt to make social media profiles of individuals.  This would be a gold mine data set for advertising, law enforcement, intel gathering, etc.

The privacy issue is pretty clear-cut here.  Facebook, in its continued march toward wide-open, unrestricted, and identifiable social networking, has exposed the name, username, and picture of every searchable user to the public.  A smart hacker got wise and downloaded all of this information to prove a point.  He also released the 2.8GB of data through a torrent.  A smart advertising agency or foreign government can do the same thing to target individuals for profit or something worse.

171 million names, usernames, and profile URLs exposed.  Keep repeating that until the gravity of it all sets in.