By NICK BILTON
A security researcher on Wednesday released a file containing the names, profile addresses and unique identification numbers of more than 100 million Facebook users.
The information was corralled via a public directory Facebook makes available that lists users who are sharing at least some of their profile information with everyone on the Internet. It was collected and uploaded by Ron Bowes, a security researcher with Skull Security.
Although the information in the file is freely available online through search engines and Facebook’s own directory, the organized list of names and identification numbers in it could make it easier for others to compile users’ e-mail addresses, locations or other data they have made available. The 2.8-gigabyte BitTorrent file also includes the programming code that Mr. Bowes used to scan the directory list.
Facebook issued a statement via e-mail noting that the list of users’ names was not a threat to those who were comfortable sharing publicly:
People who use Facebook own their information and have the right to share only what they want, with whom they want, and when they want. Our responsibility is to respect their wishes. In this case, information that people have agreed to make public was collected by a single researcher. This information already exists in Google, Bing, other search engines, as well as on Facebook. No private data is available or has been compromised. Similar to the white pages of the phone book, this is the information available to enable people to find each other, which is the reason people join Facebook. If someone does not want to be found, we also offer a number of controls to enable people not to appear in search on Facebook, in search engines, or share any information with applications.
Facebook has said in the past that a large portion of its users change some of their privacy settings on the Web site. Some users choose not to change their privacy settings and happily share personal images and content with the whole Web. But some fail to change their settings due to a lack of understanding of the available options.
Mr. Bowes said in a blog post that he decided to compile the list of user information and share it online to show that there is “a scary privacy issue” at play with the way people share their information with the rest of the Web through Facebook. It was not clear what his motives were for publicly sharing the list online.
Facebook users who want to keep their information off of the wider Internet should go into the Facebook privacy settings tab and change the “Sharing on Facebook” options to “Friends only.” Those who want to keep their profiles from being found in search engines like Google should also click the “Edit your settings” link at lower left and change the setting for “Public Search.”