Un-Ethical Conduct By Security Firm Leads to Facebook Leaks

Donation Goal

Donate Now Goal amount for this year: 799 USD, Received: 100 USD (13%)

Please donate to help support this website. The funds will be used to purchase owned license of LiteSpeed Web Server Enterprise (2-CPU). It provides superior performance in terms of raw speed, scalability and anti-DDoS capabilities.

Un-Ethical Conduct By Security Firm Leads to Facebook Leaks

Posted By Paul\HellNoire In Category: Computer

Jul
30
2010

I’m normally not one who wants to post his thoughts on Raymond.cc, or anywhere else for that matter. If I am to explain my deepest thoughts, usually I like speaking face to face, which is why this is most likely going to be the first and the last time you see me coming so wildly off topic today, although it is still technology related.

About two nights ago, a security firm decided to do what most of us would deem as unthinkable and uploaded a 2.8 gig torrent of the personal data that was found on Facebook. At this time, that is about one in five users who had their privacy lost because the ‘security firm’ wanted to bring to attention how large of a hole it was for someone to see your personal information on Facebook without changing the default settings of your Facebook privacy. As of this time, that torrent has had about 1000 downloads and will no doubt be clocking in it’s millionth download by tomorrow, so this isn’t so much about free press but a rant against what they did in terms of ethics.

I admit, before I continue, I have to say that Facebook is the worst spot on the internet if you’d like to have privacy. Friends requests, applications, ads that are using your name by default, you name it and Facebook’s pre-approved all this for you without you even clicking anything more then the ‘I agree to the Terms of Service’. For those that are counting, the Facebook Privacy Policy has gotten longer with ever revision as well as eroding more and more privacy. It’s gotten so bad that the Electronic Frontier Foundation has post on their policy! So don’t get me wrong, this isn’t just a fail on the head of that security firm, but it is a horrible taste in your mouth because it already sets the wrong example on the internet in terms of privacy.

And now to top it all off, Facebook has now officially suffered the worst security breech ever: one in five users had their personal details lifted off their account and uploaded by a ‘security company’. Now I use this term very loosely because I feel that if it was a real company, it should have contacted the users that it was able to, rather then risk being sued by Facebook and the 100 million users who have officially lost their privacy permanently due to this ‘firm’. But instead, being completely irresponsible, has uploaded the information to a torrent.

It’s impossible to reverse this hole in your security now, but there is one major saving grace in how they chose to present this problem. The ‘firm’ leaked only names, and not any other information they could have leaked. This is literally the only saving grace. This is the one time when you should be listening, and you should take this warning right away: change your privacy settings. Right now, and make sure they are set to be as secure as Friends Only or Only Me. This is the tipping point of the iceberg, folks, and this should be the wake up call for those that keep saying “Well, I’m not going to post anything no one will not need to read…”

In fact, this is the reason why Raymond doesn’t use Facebook, and why my settings are so restricted that I must add you for you to see me. Otherwise, I am completely invisible. Because there are some people out there in the world that are insane enough that will find a way to destroy your life. Consider if this was one of the black hat hackers, the evil ones that destroy computers for fun. Your entire life at this point, as you know it, would be completely and utterly destroyed. We should be thankful it’s just the first and last names only, and of those that didn’t set their privacy settings beyond the default. However, as I said above: this is the tip of the iceburg. And it’s only going to get worse as time goes on if your settings haven’t been changed yet.

Reclaim Privacy shows how secure your Facebook Privacy Settings are

FREE Kaspersky Security Suite CBE Win7 (Internet Security 2010) for ALL Windows 7 Users

FREE Total PC Security Software Developed by Security Experts

FREE 1 Year PC Tools Internet Security 2009 Genuine License Key for EVERYONE!

http://pceasies.com pceasies

The security group just ran a script that compiled a list of names found on Facebook using the search. They didn’t hack or steal anything. Anyone who wanted this information could have gotten it by doing a simple search.
Paul\HellNoire

@pceasies, despite this, I don’t think it was ethical all the same because if you’re going to do this, you should contact the people, contacting people so they can learn from their mistakes, that would seem ethical to me. But to put their names up on a torrent? Still seem unethical to me…

Also, I did say that in the post. It’s still not ethical though if you ask me.
http://heloooo Dan S.

i believe it’s called an iceberg.
otherwise, an eyeopener. i personally don’t use facebook but i’ll forward this article to all my friends who do use it.
regards.
Rudi Pittman

Paul,

Would you be willing to post some screenshots or suggested settings for facebook? I think a “lock down” guide for the average facebook user would be appreciated by many.
Paul\HellNoire

@Dan S., yes, my typo. Sorry about that.

@Rudi Pittman, already did. See here.
Amey Dev

omg..this is so bad
Vertigo

Nice info. Unfortunately those who don’t allready know this are not going to see the big deal.
If there was a quick and easy guide to a minimum of security settings, like Rudi suggest, most are unlikely to change anything. Keep up the good work.
any

Facebook was doing wrong, everybody knew it and now someone has make it more obvious. Don’t chase or talk about who did the list, anyone can do it, force Facebook to change their default settings and all will be fine.
ilev

May be replaced the file on PB but the original file contained user account names and a URL for each user’s profile page, from
which details such as addresses, dates of birth or phone numbers can be accessed.
Accessing a user’s page from the list will also enable you to click through to
friends’ profiles – even if those friends have made themselves non-searchable
KaYaN

Useful info Hell.
Btw, what is your FB account?I wanna be your friend in your FB :)
Oh course with your permission :)
Varun

I don’t mind them disclosing this, sooner facebook dies the better, and if it takes this or leaking of even more personal info i’am all for it.
I don’t consider it unethical. The fact a security firm firm did this i don’t care personally. fb needs to die.
Paul\HellNoire

@KaYaN, I offer only to people. I don’t let offers happen in return.

@Varun, while I can agree, Facebook should be shut down… that’s the wrong point of view in terms of burning. Because if people’s lives are messed up by this… I know I wouldn’t like that much.

@ilev, only if they’ve set to Friends of Friends or higher. I’ve set mine to Only Friends and Only Me since the very beginning.
Zimbo

In some respects, the security firm did GOOD. From my understanding all they released was names, which is not much of a security risk, but at the same time they have highlighted in a very BIG way, the issue of paying attention to your privacy settings. I am the same as you Paul, you can’t see me even if you tried, but for those who did not pay attention to their privacy, I am sure they are running to sort them out straight away. I am happy that a security firm highlighted this issue before a Hacker took advantage of it.
Paul\HellNoire

@Zimbo, in some accounts of what happened, they are also linking to the URLs where these people can be found, but it’s untrue. But while good… it’s not ethical. It’s not right that it had to come to this to make people wake up to the privacy issues.

But that’s my two cents.
http://pceasies.com pceasies

@Rudi Pittman

Make sure all settings are `me only` or `friends only`

That should pretty well take care of all the problems.
Paul\HellNoire

To anyone who tries linking to the torrent leak, it will be removed. The last thing we want is to be shut down for “supporting it” which believe me, Raymond and myself do not support this foolishness.
Tauseef

Ok i myself downloaded it.It was nice piece of info including that of Mark Zuckerberg.
http://www.dwoolnoughuk.com/ DWoolnoughUK

I Downloaded it just to see if I was there. Luckily, I’m not. :)
Val

I don’t trust friends of friends or the search engine. It’s only friends for me.
Paul\HellNoire

@DWoolnoughUK, my name is in the list but only because my full name is very popular. So there are other Pauls that had their security leaked and not me.
Abhijeet Singh

Thanks for the article Paul. I use a temporary email – Address Guard by Yahoo for Facebook and I have Created a Personal Friend list, only people in this list can see my update, post on wall, see my photos. Rest all added in my Friends are equivalent to – not to be added, including my boss and colleagues. I don’t want to tell my boss and my colleagues where i’m partying or why I’m not coming to office. Though I can’t deny their request cause its the boss who sent me the friend request and denying him could result in loss of my job. Even if I’m sitting online on Facebook chat, he can’t see my that I’m online, thanks to lists.

Hope I’m secured :D
Prabhakaran

Thanks a ton for the info Paul. I had shared it with all my friends. Keep up the good work.
Anonymous

Hey guys, crawl the information and appreciate for his attempt of report.

Well I like your post dude… Thnxxx….

Raymond.CC Blog

Un-Ethical Conduct By Security Firm Leads to Facebook Leaks

Posted By Paul\HellNoire In Category: Computer

Subscribe

Recent Posts

Friends

Ads