Facebook has been under attack by a group of Canadian technology researchers who have designed a social networking programme, "SocialBots", built to look like a real Facebook profile. The bots mimic a genuine profile whilst actually locating and taking data from the Facebook database. Programmes of this type are usually used by online criminals for spam or for collecting personal information, and they are on the increase. "SocialBot" is a new danger for both Facebook and its users because it is the most advanced and lifelike hacking programme.
Designed to slip past all security and masquerade as a real-life person, it does so with worrying accuracy. Previous hacking programmes would infect computers with a virus so that the criminal behind them could access the computer remotely, either to take personal data off that machine or to infect it with spam. SocialBot is so realistic, however, that Facebook and its users think they are dealing with other real human beings. The programme seizes a Facebook profile and then behaves like a normal person would, sending out updates and requests to others.
The researchers behind this newfangled hacking bot are from the University of British Columbia in Vancouver. They created and activated 102 of these SocialBots and, over 8 weeks, set them the task of making friends, either by sending friend requests themselves or by accepting any requests that came their way. To avoid detection by Facebook security, each one would send a maximum of 25 requests a day so as not to raise suspicion. Within those 8 weeks, a total of 8,570 friend requests were sent and 3,055 people accepted the friendships.
Massive Security Issue
With 3,055 people accepting the friend requests and thus being attached to the hacking profiles, and with the extended networks reachable through those people, the researchers were able to collect 14,000 home addresses and 46,500 email addresses of Facebook users. Phone numbers and birth dates were also collected. Although the SocialBots were disabled and the data was not used other than in the University's effort to research Facebook security, if it can be done once, it could be done again. Facebook has recently tried to limit and thwart spammers by adding extra phishing warnings when users click on links. But if a link comes from a profile which Facebook deems to be real and harmless, will those warnings really work? The researchers involved will be reporting their findings to the annual Computer Security Applications Conference in Florida in December.
Facebook Fights Back
Facebook has made a statement arguing that the experiment was unrealistic due to the fact that IP addresses used by the SocialBots had come from a trusted university source, whilst a real spam attack would have come from IP addresses used by real-life criminals and would have raised alarm bells. Facebook also claimed that they disabled more of the fake SocialBot accounts than the researchers claimed they had. A Facebook spokesperson said,
"We have numerous systems designed to detect fake accounts and prevent scraping of information. We are constantly updating these systems to improve their effectiveness and address new kinds of attacks. We use credible research as part of that process. We have serious concerns about the methodology of the research by the University of British Columbia and we will be putting these concerns to them. In addition, as always, we encourage people to only connect with people they actually know and report any suspicious behaviour they observe on the site." ~ Courtesy of BBC News Online
Key Takeaway
The truth is that Facebook did not recognise all of the spam profiles and did fail to protect thousands of users' personal data. Yes, the IP addresses may have come from a trusted source, but a clever hacker or criminal will find ways of abusing IP addresses so that they do not get noticed. Facebook has millions of people using its site, meaning that millions of people have data stored there. Users should refrain from adding their age, date of birth, home address and phone number to any social network, in the hope of preventing attacks on themselves as individuals. But Facebook also has the responsibility of protecting that data and checking it's accounted for. As technology gets better, and the people behind the spam improve their methods, Facebook will need to adapt and learn to tell a realistic spam profile from a genuine person so as not to put users at such risk again.
~Articles Mentioned In this Blog: http://www.bbc.co.uk/news/technology-15553192
Who Wrote This Article?
I'm Nikki and I work at MarketMeSuite, the social media marketing dashboard, and I write articles related to all things social media.