Those friends on Facebook begging for a connection? They could be "socialbots," programming scripts that impersonate real people. University researchers got away with 250GB of user data using socialbots.
Thankfully, researchers from the University of British Columbia Vancouver didn't sell the personal information to identity thieves, but the next group of socialbots may not be so polite. Using several passes to gather friend connections, the socialbots could achieve a large scale infiltration in a few weeks with about 80 percent success. Accepting a socialbot as a friend was three times higher when there were shared mutual friends.
University researchers said their goal was to highlight the need for OSNs (Online social Networks) to build more security systems "that are less vulnerable to both human exploits (i.e., social engineering) and technical exploits (i.e., platform hacks). Why? Because users want their personal information harvested and sold by Facebook proper, not some random third party.
Who doesn't want to be friends with a scraper bot?Anonymous Coward on theregister.co.uk
People randomly accept friends and then have their data configured to be shared with them. In this case, the problem was not Facebook but was sitting in front of the computer.yaix on news.ycombinator.com
Turing test 2.0 Machine passes, if you can not tell your new friend is not human...trottel on theregister.co.uk
There's enough gullible people on Facebook for scammers to make money, regardless what measure Facebook puts in place.dendory on news.ycombinator.com
This might sound harsh but...Who care? How long are people going to keep believing that information you share with people who share with other random people is ... "private"?joe_the_user on news.ycombinator.com
do you realise what you have done? Every Blackhat marketer reading this blog post will be drooling at the mouth right now making plans to develop such a bot.James Jeffery on sophos.com
It seems to me that either people are really indiscriminate in who they accept as their 'friends', or the 'randomly selected "people"' were actually other socio bots :-DJBiserkov on news.ycombinator.com
Shame on Facebook
It's not just those who sign up who get shafted by data scraping like this, their non-facebook using mates get screwed tooAnonymous Coward on theregister.co.uk
"You are not allowed to create fake profiles." Except that fake profiles are almost endemic - most of them being used purely for the purposes of social games.mittfh on sophos.com
Facebook spokespeople at first refused to comment, then said they had serious concerns about the methodology. No announcement of security improvements has been made.