Ron Bowes, a Canadian security consultant, used a piece of code to scan Facebook profiles, collecting data not hidden by users' privacy settings.
Mr Bowes told BBC News that he did it as part of his work on a security tool.
"I'm a developer for the Nmap Security Scanner and one of our recent tools is called Ncrack," he said.
"It is designed to test password policies of organisations by using brute force attacks; in other words, guessing every username and password combination."
By downloading the data from Facebook, and compiling a user's first initial and surname, he was able to make a list of the most common probable usernames to use in the tool.
The three most common names, he found, were jsmith, ssmith and skhan.
In theory, researchers could then combine this list with a catalogue of the most commonly used passwords to test the security of sites. Similar techniques could be used by criminals for more nefarious means.
Mr Bowes said his original plan was to "collect a good list of human names that could be used for these tests".
"Once I had the data, though, I realised that it could be of interest to the community if I released it, so I did," he added.
Mr Bowes confirmed that all the data he harvested was already publicly available but acknowledged that if anyone now changed their privacy settings, their information would still be accessible.
"If 100,000 Facebook users decide that they no longer want to be in Facebook's directory, I would still have their name and URL but it would no longer, technically, be public," he said.
Mr Bowes said that collecting the data was in no way irresponsible and likened it to a telephone directory.
"All I've done is compile public information into a nice format for statistical analysis," he said
Simon Davies from the watchdog Privacy International told BBC News it was an "ethical attack" and that more personal information had not been included in the trawl.
"This is a reputational and business issue for Facebook, for now," he said
"They can continue to ride the risk and hope nothing cataclysmic occurs, but I would argue that Facebook has a special responsibility to go beyond doing the bare minimum," he added.
- BBC Inputs
No comments:
Post a Comment