Two days ago, a blogger called Bogomep reported that he was able to purchase more than one million Facebook data entries (usernames, full names, verified email addresses, etc) from the piddling sum of $5.
The description of the offer said:
The information in this list has been collected through our Facebook apps and consists only of active Facebook users, mostly from the US, Canada, UK and Europe. There are users from other countries as well but they are almost exclusively English speaking as well, as all the apps we provide are written in English and to use them properly one needs to read the instructions. The list is checked and validated once a month so you won’t get a list full of invalid or duplicate email addresses. Whether you are offering a Facebook, Twitter, social media related or otherwise a general product or service, this list has a great potential for you. Finally, the list is in a zipped excel format split into 12 sheets, each sheet containing roughly 100,000 email addresses with name, last name and facebook profile information separated with comma.
Today, he posts about the troubling and officious phone call he received from Facebook’s “Policy” department, which the Facebook representatives forbid him from posting about or discussing with anyone. Naturally, and admirably, he posted about it anyway:
Our conversation began exatly on the agreed minute and with the warning that it “is being recorded”. The part where they usually say that it is for the purpose of “improving the service” was spared.
They thanked me for what I have done but they also asked me that I did not share the information about our talk in my profile (?!?) and my blog.
“Now we would like you to send us this file, delete it, tell us if you have given a copy of it to someone, give us the website from which you bought it including all transactions with it and the payment system and remove a couple of things from your blog. Oh and by the way, you are not allowed to disclose any part of this conversation; it is a secret that we are even having this conversation”.
I agreed to send them the data and the website of course, for that was my purpose. I tried to ask what they would do next but they said it would be an internal legal investigation.
I asked if it was possible to tell what the problem was, after they finished the investigation, so that the users could protect themselves, but they they emphasized that it would be an internal investigation and they would not share any information with third parties.
If you’ve been waiting for that last push to unyoke yourself from Aunt Terri’s racist screeds, your girlfriend’s father’s creepy “Like” tours of every female photo subject in every photo album he can find, and the insipid and unceasing demands from barely-acknowledged coworkers to feed their Zynga addictions, this might be your chance.
EDIT: It is worth noting that Facebook posted an operating loss of over 59 million dollars last quarter, and “casual gaming” baron Zynga lost 52 million the same quarter, and razed its Japan, UK, and Boston studios and fired 5% of staff. These are all excellent motivations for either company, or their recent employees, to be hawking cheap, unsecured user data.