When a security researcher made personal profile information of more than 170 million Facebook users available to the public on BitTorrent–a peer-to-peer file sharing site–many questioned why he did not attempt to sell that information to an interested party. Names and profile data on that many Facebook users is a potential gold mine of valuable marketing data.
Apparently, some major corporations agree, and many have jumped on BitTorrent to download the Facebook data. According to a blog post from Gizmodo, a reader known as Clint “discovered that all you had to do is use something like Peer Block, which grabs the IPs of the other users also downloading the torrent and identifies which company or university or organization they belong to.”
The list of companies that appear to have downloaded the Facebook data includes 65 organizations–many of which are household names like Cisco, Intel, Apple, and Symantec. Microsoft was conspicuously absent from the list of corporations that have tapped the treasure trove of Facebook data. The blog post does point out, though, that “Just because a company is on the list, doesn’t mean that it’s a sanctioned download by the company itself to grab the user information for some purpose. It could easily just be some dude at the company who wanted to download the torrent himself to check it out.”
The scenario reminds me of when I was an IT admin for a dot.com way back when. The philosophy of our CEO was that data is gold–pure and simple. Basically, all data is good data, and even if there isn’t an obvious use for it today, it should be archived because it might prove useful someday.
The corporations that have downloaded the Facebook data may not even know yet why they did, or what they plan to do with it. But, the fact that a file exists which contains personal information for millions of customers that might prove valuable in the future is reason enough to go ahead and acquire the data while its still out there.
The Facebook data in the BitTorrent file doesn’t contain much in the way of personal information, but companies can still use it to start to build a database of Facebook customers. The Facebook profile URLs can be analyzed to see if there is any other information–such as personal e-mail addresses, geographic location, age, or other valuable data.
The reality–as Facebook has pointed out in response to the “leak”–is that this data does not really represent a security compromise, or a data breach. Facebook issued a statement explaining “People who use Facebook own their information and have the right to share only what they want, with whom they want, and when they want. In this case, information that people have agreed to make public was collected by a single researcher and already exists in Google, Bing, other search engines, as well as on Facebook. Similar to the white pages of the phone book, this is the information available to enable people to find each other, which is the reason people join Facebook.”