Facebook is the fastest growing social networking site in the world today with up to 250,000 new users being added every day. But sharing information on Facebook has lots of risks including your name which can be accessed by others and your profile can be viewed. Anyone can get valuable information and private photos from your profile — ultimately getting you in big trouble.
A recent announcement that a private consulting firm has data-mined the names and URLs of over 170 million profiled Facebook users has brought additional questions to the forefront regarding the internal security of the world’s most popular social networking site.
Consultant Ron Bowes from Skull Security scanned more than one third of Facebook’s 500 million users and uploaded the data into a torrent file, a type of meta-data that allows for person-to-person filesharing. Torrents have come under scrutiny and media attention because of their tendency to be used to swap illegal data and because overall, they are unregulated.
Facebook responded to the concern and said that no profiles were illegally hacked and that the information was not unlawfully obtained. All of the information scanned off of Facebook was available for any Facebook user and none of the information that any individual user marked as private was released.
Nevertheless, this is the first time that such an enormous data load was harvested from Facebook, and it has raised questions about the how this information is going to be used.
Users are upset because at the very least, they anticipate they will be exposed to a greater number of spam emails, advertisements and phishing attempts, some of which may be malicious in nature or attempting to pirate sensitive information for unlawful purposes.
Facebook’s own privacy policy warns users that “…such information may, for example, be accessed by everyone on the internet (including people not logged into Facebook), be indexed by third-party search engines, and be imported, exported, distributed, and redistributed by us and others without privacy limitations.”
This caveat does little as far as providing relief and does not explain why Facebook would allow this to occur. Public records show that as of the writing of this article, over 15,000 people or businesses have already either downloaded the file directly or have “seeded” it by downloading the torrent and uploading it to another file.
What was exposed?
The amount of information gleaned depends on each individual’s user settings. In general anyone can Google a person and see if they are on Facebook. User’s names, email addresses, telephone numbers, a sampling of their ‘friends’ and a host of information regarding their ‘likes’ and ‘dislikes’ are oftentimes made public by each user.
A growing number of businesses and news media outlets are using Facebook to build their advertising and draw in potential new customers. In turn, businesses analyze the demographic data of those who have joined their site. Since almost all businesses allow their site to be open to any non-Facebook user, the amount of information scanned is substantial.
How do I know if my information was farmed in the data pull?
PC.world.com gives the following helpful instructions:
“From your Facebook profile dashboard, click on ‘Account’ in the upper right hand side of your dashboard. Select ‘Privacy Settings,’ and then on the next page under ‘Basic Directory Information’ click on ‘View Settings.’ If the first listing called Search for me on Facebook is set to Everyone, then chances are your name and profile URL are in the torrent file.”
You should also check to see if you have enabled the public search option. Go to your Privacy Setting page and click on Edit Settings. Un-check the box in order to disallow the public to search your profile. This will also prevent external search engines like Google and Bing from indexing your profile.
How can I protect myself?
Simply stated, reconsider what you want others to see or know. The fact that you are on Facebook and the URL of your profile are not as sensitive as say, your personal contact information, your address, your place of employment, your age and birth date or email addresses.
You have control over the amount of information that you want others to see, but you must make good use of the privacy settings to restrict this information; Facebook does not establish these guidelines for you by default.
You may choose to allow information to be seen by just your ‘friends’ or you can allow additional viewings by those who are ‘friends of friends.’
Of course, the best way to protect your identity from being stolen or used unlawfully is not to register yourself on social networking sites to begin with. The risks are inherent, and the consequences may be severe. Facebook certainly has tied the world together, but many have found it to be an enormous time waster, as well as a seedbed of potential unwanted or even dangerous “relationships.”
