Last week’s ‘harvest’ of 100 million Facebook users’ private data serves as a stark reminder to people that ‘the internet is forever’, a security expert has warned: you have to assume permanent copies may be getting stored of what you post online.
“This incident has been characterised in some reports as a ‘hack’ – but this is a poor description of what was really a ‘harvest’,” said Dermot Williams, managing director of IT security firm Threatscape.
“What happened is that a fairly simple program was written to collect and store basic information on Facebook users,” Williams explained.
“The information gathered was already publicly accessible on the Facebook website and in most cases, it had already been harvested and stored in other places, too – search engines like Google and Bing routinely now index and link to Facebook pages.”
Last week, Ron Bowes of SkullSecurity.com proved he was able to spider through Facebook’s online directory and download 100 million users’ names, addresses and phone numbers into a single BitTorrent file that could be downloaded from his website.
Williams said the incident serves as a stark reminder to people that ‘the internet is forever’: you have to assume that permanent copies may be getting stored of what you post online.
“This means that by the time you change your mind about just what you want to be accessible to others, it may be too late – your digital footprint may have hardened to concrete. There are many implications: reduced privacy, loss of control of data, susceptibility to fraud and identity theft, and more.”
On whether Facebook are to blame for this, Williams said it was 50:50.
“As they have been quick to point out, the information gathered was already publicly accessible. And yes, they have made strides in recent months to improve the privacy settings available to their users; however, the default privacy settings probably expose more information than most users realise.
“Even if a user chooses not to allow their profile to be accessed via Facebook’s search facilities, if any of their friends who link to them are ‘searchable’, that opens up an indirect means of locating their profile – which was exploited on a massive scale in this case,” Williams said.