Bulgarian Privacy Activist Buys A Million Facebook IDs For A Sandwich, Essentially

Five bucks can get you many things. A fast food meal. A couple of candy bars. A beer if it’s not a tiny microbrew or Belgian or something. Roughly 100 words written by yours truly (just don’t expect the Gettysburg address or anything). Oh, and also 1.1 million Facebook user IDs, emails, and names.

Here’s what happened, and why it’s annoying or scary, depending on your perspective.

Bogomil Shopov, a digital rights activist and blogger, decided to see how easy it was to get Facebook contact information. It turns out it was as simple as finding some random guy on an Internet message board, who had this description posted:

The information in this list has been collected through our Facebook apps and consists only of active Facebook users, mostly from the US, Canada, UK and Europe. There are users from other countries as well but they are almost exclusively English speaking as well, as all the apps we provide are written in English and to use them properly one needs to read the instructions. The list is checked and validated once a month so you won’t get a list full of invalid or duplicate email addresses.

Facebook is currently calling this a “breach,” a breach they’re taking so seriously they called Shopov, demanded that he send them the data and delete it, and then take down his post about how sloppy they are with user data. Apparently the conversation he had was magical and super-secret, and someday somebody is going to have to explain to legal interns that saying “This communication is confidential” doesn’t make it so.

It’s not really clear what Facebook can do, though. Apps are allowed to collect this information, and presumably users have agreed to share their data. But it’s nice to see them pretending to care.

×