A Bulgarian blogger, Bogomil Shopov, claims to have bought 1.1 million Facebook users' names, user IDs and e-mails via a social marketing site, for just $5.
According to Shopov, after purchasing the details, he checked the data and found that most of the details were indeed real and he even knows some of the users.
Speaking to Forbes, Shopov also said he believes the data was not collected from simply scraping the public profiles of users, as he checked a number of the e-mail addresses and confirmed they are not publicly displayed.
Shopov, who is a digital rights activist, posted the details of his purchase on his blog. He says the information listed by the seller on Gigbucks stated: "The information in this list has been collected through our Facebook apps and consists only of active Facebook users, mostly from the US, Canada, UK and Europe. There are users from other countries as well, but they are almost exclusively English-speaking as well, as all the apps we provide are written in English and to use them properly one needs to read the instructions.
"The list is checked and validated once a month so you won't get a list full of invalid or duplicate e-mail addresses. Whether you are offering a Facebook, Twitter, social media related or otherwise a general product or service, this list has a great potential for you."
According to Shopov, he was contacted by Facebook after publicly posting his experience and he was asked not to share the details of the conversation. He was also asked to send Facebook the file he purchased, the details of the site he purchased it from, the details of any people he had sent it to, and to delete his own copy.
Shopov says: "I agreed to send them the data and the Web site, of course, for that was my purpose. I tried to ask what they would do next, but they said it would be an internal legal investigation.
"I asked if it was possible to tell what the problem was, after they finished the investigation, so that the users could protect themselves, but they emphasised that it would be an internal investigation and they would not share any information with third parties."
Facebook has said in a statement that it has dedicated security engineers and teams of people that look into and "take aggressive action" on reports such as Shopov's. Facebook believes the information Shopov purchased was taken from the site by "scraping" users' public data, and not through an application. The investigation is ongoing.
Share