Security Consultant Releases Data On 100 Million Facebook Users

By Joseph F. Kovar, CRN
July 29, 2010    7:20 PM ET

A security consultant who compiled and then published a database containing publicly available Facebook data on over 100 million users just happened to gather the data while testing new security tools.

That's the story from Ron Bowes, a security consultant who told the BBC that he compiled the Facebook data as a test of the Ncrack network authentication cracking tool, part of the Nmap Security Scanner.

The database contains the URL of every searchable Facebook user's profile, name, and unique ID, but does not include information on Facebook users who elected to keep their profile private.

The database has since been spread across the Internet, with thousands of users downloading it from the Pirate Bay file-sharing website, the BBC reported on Thursday.

Ncrack was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords.

Bowes told the BBC he ran his test on Facebook as a way to collect a good list of human names that could be used to test the security of companies' web sites. Such a list could be combined with a separate list of commonly used passwords to test those sites.

However, Bowes said, once he compiled that database of Facebook user information, he decided to release it as a way to bring attention to security issues faced by Facebook users.

"I am of the belief that, if I can do something then there are about 1,000 bad guys that can do it too," he told the BBC.

As for Bowes' original quest, he said the three most common names used by Facebook users were jsmith, ssmith, and skhan.

Because of the nature of the data and the URLs, the private data of Facebook users who decided to opt out of the Facebook directory would still be accessible, Bowes said.
