Bulgarian blogger buys 1.1 million Facebook users' data for $5
A Bulgarian digital rights activist is the proud owner of your Facebook name, username, and email today. Bogomil Shopov bought this information for 1.1 million Facebook users for $5.
According to Forbes, Shopov purchased the data on Gigbucks, a website that lets you “buy and sell services,” kind of like a reverse Zaarly online. Shopov found the entry, which promised the data would mainly be from Facebook users in the U.S., U.K., Canada, and Europe. It also said that the data was siphoned off when a user accepted and used a Facebook application. Lastly, it promised that the information was checked so that there would be no inactive or duplicate accounts. Shopov says that he tried and successfully verified these emails, and also determined that many of the emails were not publicly available on the user’s Facebook profile.
“Facebook is vigilant about protecting our users from those who would try to expose any form of user information. In this case, it appears someone has attempted to scrape information from our site,” Facebook told VentureBeat in an email. “We have dedicated security engineers and teams that look into, and take aggressive action on reports just like these. We continue to investigate this specific individual.”
Scraping public data is against Facebook’s terms of service, and even if the person didn’t scrape the data, developers have specific guidelines around how they can share any data they collect. Selling them on Gigbucks is seemingly not one of the ways.
The social network also said its security team is taking “aggressive action” on the problem. Shopov says Facebook also called him, asking him to keep the phone call private. The social network further requested that Shopov take the data off of his blog, send Facebook the data, get rid of it otherwise, and, according to Shopov’s blog, “give us the website from which you bought it including all transactions with it and the payment system.”
Facebook likely wanted Shopov to keep quiet as many companies do when they are investigating a “breach.” That way the target isn’t tipped off to the investigation.