Last week the internet was abuzz with the deal that Bulgarian digital rights activist, Bogomil Shopov scored. He
managed to purchase 1.1 million user email addresses for the meager price of $5. The majority of the email addresses were from the US, Canada, UK and Europe and featured email addresses, user names and Facebook account numbers.
Initially the data was believed to be secured through Facebook apps run by the list seller. The listing stated:
“The information in this list has been collected through our Facebook apps and consists only of active Facebook users, mostly from the US, Canada, UK and Europe. There are users from other countries as well but they are almost exclusively English speaking as well, as all the apps we provide are written in English and to use them properly one needs to read the instructions.”
Forbes however was told that this wasn’t an app issue – rather a public data scraping dilemma. A Facebook spokesperson gave the following statement to Forbes:
“Facebook is vigilant about protecting our users from those who would try to expose any form of user information. In this case, it appears someone has attempted to scrape information from our site. We have dedicated security engineers and teams that look into and take aggressive action on reports just like these. We continue to investigate this specific individual.”
While Facebook states that the data was scraped, Shopov told Forbes that a few of the emails he looked at were not displayed publicly. This casts some doubt on just where the data was derived from. Shopov is also using the spotlight to shine some light on the Facebook account deletion issue. After Shopov bought the data and published the initial blog post Facebook asked him to delete the purchased info. Now Shopov is making a point about the inability to delete accounts by stating that:
“And yes, I deleted the data…but maybe, just maybe I’ve deleted the data the same way Facebook deletes users’ data when he/she wants to delete his/her account… What do I want? I want Facebook to start removing entire user data after pressing “Delete my account”. Is this so much to ask. This is fair, isn’t it? Can we achieve that as a community?”
Touche.
Comments