Top 10 Data Breaches from 2011: #6

#6:  Army of social bots steals gigabytes of Facebook data
Summary:   A small array of scripts programmed to pass themselves off as real people stole 250 gigabytes worth of personal information from Facebook users in just eight weeks.
Details:  The 102 “socialbots” each had a name and picture of a fictitious Facebook user and used programming interfaces to automatically embed pseudo-random quotes into status updates. They also used Facebook interfaces to send connection requests to about 5,000 randomly selected profiles. They then sent connection requests to the friends of those who accepted the initial invitation, and with each acceptance they scraped whatever information was available.

At the end of the eight-week experiment, the researchers recovered 250 gigabytes of personal data, much of it configured to be available only to people on the user’s list of friends.

Why Significant:

  • Another example of automated Facebook hacking.
  • Highlights the weaknesses in Facebook defenses.  In this case, “the defense known as the Facebook Immune System, which is designed to automatically flag fake profiles, did little to thin the army of socialbots used in the study. While about 20 percent of them were blocked, the closures were the result of feedback from other users who reported spam.”
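The two observations above (random targeting followed by friend-of-friend requests, and a defense that only reacted to user reports) suggest what an automated check could have looked at: the rate of outbound connection requests and how often the targets share no friends with the requester. The following is an added illustration written for this page, not code from Facebook, the Immune System, or the researchers; the event log is constructed, and the thresholds (five requests in a 24-hour window, 60% zero-mutual targets) are assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of connection-request events (not real Facebook data):
# (timestamp, requesting account, target, mutual friends already shared, accepted)
EVENTS = [
    # "acct_bot1": many requests in two hours, mostly to strangers,
    # then a couple to friends-of-friends once early targets accepted.
    ("2011-10-01T10:00:00", "acct_bot1", "u101", 0, True),
    ("2011-10-01T10:05:00", "acct_bot1", "u102", 0, False),
    ("2011-10-01T10:10:00", "acct_bot1", "u103", 0, True),
    ("2011-10-01T10:20:00", "acct_bot1", "u104", 0, False),
    ("2011-10-01T10:40:00", "acct_bot1", "u105", 0, True),
    ("2011-10-01T11:00:00", "acct_bot1", "u106", 0, False),
    ("2011-10-01T11:30:00", "acct_bot1", "u107", 1, True),
    ("2011-10-01T12:00:00", "acct_bot1", "u108", 2, True),
    # "acct_human": a few requests spread over days, all to people with mutual friends.
    ("2011-10-01T09:00:00", "acct_human", "u201", 4, True),
    ("2011-10-02T18:30:00", "acct_human", "u202", 2, True),
    ("2011-10-03T20:15:00", "acct_human", "u203", 7, False),
    # "acct_busy": a burst after a conference, but every target shares friends,
    # which is why rate alone should not be the only signal.
    ("2011-10-04T13:00:00", "acct_busy", "u301", 3, True),
    ("2011-10-04T13:02:00", "acct_busy", "u302", 5, True),
    ("2011-10-04T13:04:00", "acct_busy", "u303", 2, True),
    ("2011-10-04T13:06:00", "acct_busy", "u304", 6, False),
    ("2011-10-04T13:08:00", "acct_busy", "u305", 1, True),
    ("2011-10-04T13:10:00", "acct_busy", "u306", 4, True),
]


def score_accounts(events, window=timedelta(hours=24), min_requests=5,
                   zero_mutual_ratio=0.6):
    """Flag accounts that send many connection requests in a short window AND
    mostly target people they share no friends with.

    Returns {account: {"requests_in_window": n, "zero_mutual_ratio": r}}.
    Thresholds are assumed values for this example, not production tuning.
    """
    per_account = defaultdict(list)
    for ts, src, _dst, mutual, _accepted in events:
        per_account[src].append((datetime.fromisoformat(ts), mutual))

    flagged = {}
    for account, reqs in per_account.items():
        reqs.sort()
        # Sliding window: largest number of requests inside any `window` span.
        peak, start = 0, 0
        for end in range(len(reqs)):
            while reqs[end][0] - reqs[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        # Share of targets with no mutual friends (random targeting indicator).
        zero_mutual = sum(1 for _, m in reqs if m == 0) / len(reqs)
        if peak >= min_requests and zero_mutual >= zero_mutual_ratio:
            flagged[account] = {
                "requests_in_window": peak,
                "zero_mutual_ratio": round(zero_mutual, 2),
            }
    return flagged


if __name__ == "__main__":
    for account, stats in score_accounts(EVENTS).items():
        print(f"{account}: {stats}")
```

Combining the two signals matters: the burst from `acct_busy` would be a false positive under a pure rate rule, while the bot's zero-mutual targeting is what separates it. The friend-of-friend requests the bot sends later do carry mutual friends, which is exactly why the study's second stage was harder to flag than the first.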

