Online information & security

Another day, another information horror story of sorts.

Someone has stuck a bot on crawling Facebook for public information, collated the results into a nicely presented format and slapped it up on a torrent for downloading. Let’s look at the impact of this. Fundamentally it changes very little: this is all information which users of Facebook have put into the public domain, either actively or through not unchecking the right options. The difference is that it’s collated into an easily parsable format, ideal for spammers to grab and shove into their databases, quickly searchable and so on. We’re not talking about a zero-risk event here, but something akin to moving fruit from a branch which requires a little bit of reaching to something at waist height.

So what is the impact here? Hopefully a wake-up call to all those users of services such as Facebook to keep an eye on what information they’re putting into the public domain: what links to friends they’re making public, what photos, what details of their personal life. Who hasn’t heard the stories of people boasting on Facebook about pulling a sickie, forgetting that a co-worker or boss is on their friends list? Or making the dope habit public while the boss is known to be massively anti illegal drugs, and so on.

Banks still use information such as maternal maiden name for authentication. How difficult is it now to find that information from the Facebook data dump for a number of users? While in itself that is not the key to your money, it’s another piece in the puzzle, all of which makes it a little easier for the bad guys to get at your account and at the same time makes it harder to convince the bank of your innocence.

The financial costs are normally recovered, at least in the EU, but what about the time and stress in dealing with such issues? That cannot be claimed back off the bank. It’s not entirely their fault that their customer is putting their entire life into searchable databases. How about having to cancel that credit card and be issued with a new one, updating the companies which are taking their money through recurring mandates, updating the booking with FlyCheapAir and the hotel room for the same trip, and so on? All annoyance and pain.

So this is both a complete non-story, “person puts information in the public domain into the public domain in a different format”, and at the same time a major story, “Millions putting information into the public domain which they rely on to secure the services they base their life on”.

BBC Report