The torrent is attracting hundreds of downloads
Personal details of 100m Facebook users have been harvested and published on the net by a security consultant.
Ron Bowles used a piece of code to scan Facebook profiles, collecting data not hidden by the user’s privacy settings.
The list, which has been shared as a downloadable file,
contains the URL of every searchable Facebook user’s profile, their name
and unique ID.
Mr Bowles said he published the data to highlight privacy issues, but Facebook said it was already public information.
The file has spread rapidly across the net.
On the Pirate Bay, the world’s biggest file-sharing website,
the list was being distributed and downloaded by more than 1,000 users.
One user, going by the name of lusifer69, described the list as "awesome and a little terrifying".
In a statement to BBC News, Facebook said that the information in the list was already freely available online.
"People who use Facebook own their information and have the
right to share only what they want, with whom they want, and when they
want," the statement read.
"In this case, information that people have agreed to make
public was collected by a single researcher and already exists in
Google, Bing, other search engines, as well as on Facebook.
"No private data is available or has been compromised," the statement added.
‘Privacy confusion’
But Simon Davies from the watchdog Privacy International told
BBC News that Facebook had been given ample warning that something like
this would happen.
"Facebook should have anticipated this attack and put measures in place to prevent it," he said
"It is inconceivable that a firm with hundreds of engineers
couldn’t have imagined a trawl of this magnitude and there’s an argument
to be heard that Facebook have acted with negligence, he added.
Mr Davies said that the trawl of data fed into "the confusion of the privacy settings".
"People did not understand the privacy settings and this is the result," he said.
Facebook hit its 500m user in mid June 2010
Earlier this year there was a storm of protest from users of
the site over the complexity of Facebook’s privacy settings. As a
result, the site rolled out simplified privacy controls.
Facebook has a default setting for privacy that makes some
user information publicly available. People have to make a conscious
choice to opt-out of the defaults.
"It is similar to the white pages of the phone book, this is
the information available to enable people to find each other, which is
the reason people join Facebook," said a spokesman for the firm.
"If someone does not want to be found, we also offer a number
of controls to enable people not to appear in search on Facebook, in
search engines, or share any information with applications."
But Mr Davies disagreed, saying the default settings should be changed.
"This highlights the argument for a higher level of privacy and proves the case for default nondisclosure," he said.
"There are going to be a lot of angry and concerned people
right now who be wondering who has their data and what they should do."
However, Mr Davies pointed out that this was something of an
"ethical attack" and that more personal information, such as email
addresses, phone numbers and postal addresses had not been included in
the trawl.
Do you use Facebook and
is your profile public? Are you concerned about your privacy on social
networks? Are you affected by any other issues raised in this story?