October 26, 2012
How much is your personal information worth? How about a data set consisting of over 1 million individual’s personal information complete with their full legal name, personal E-mail address, and URL to their Facebook account as confirmation? According to one ‘mystery’ company that recently sold 1 million Facebook users’ personal information to a very surprised blogger, not very much at all. About $5, to be specific.
It all started when one blogger, a self-proclaimed seeker of ‘cheap’ deals that pertain to potentially useful or interesting subjects, stumbled across an offer for ’1 million Facebook accounts’ for $5. Skeptical but willing to try it out, the blogger purchased the list to be met with much surprise when he actually personally identified many of the users on the list to be people he actually knew personally. Complete with their personal E-mail address (which Facebook is supposed to keep ‘hidden’), full names, and a link to their page to verify, this blogger had stumbled across a major corporation’s dream come true.
According to the description from the seller of the list, the information was collected through Facebook applications and even checked monthly to ensure validity. The description stated:
“The information in this list has been collected through our Facebook apps and consists only of active Facebook users, mostly from the US, Canada, UK and Europe… The list is checked and validated once a month so you won’t get a list full of invalid or duplicate email addresses… this list has a great potential for you.”
After purchasing the list and being amazed at its legitimacy, the IT blogger posted an entry  detailing the event along with screenshots and a surprising follow-up. Using his personal E-mail provided when signing up for his Facebook account, Facebook’s ‘policy’ team member sent him an E-mail  asking him to set up a call with the company. During the call, things got very concerning.
Facebook Rep: Send Us the File, Delete it, And Tell No One
Starting off with a warning to the blogger that the phone call  was being recorded, the unnamed Facebook rep told the blogger to send them the file of the 1 million users’ information, delete it, and delete all traces of its mentioning off of his blog.
Not agreeing to censor the information, the blogger posted the quote from the phone conversation on his website:
“Now we would like you to send us this file, delete it, tell us if you have given a copy of it to someone, give us the website from which you bought it including all transactions with it and the payment system and remove a couple of things from your blog. Oh and by the way, you are not allowed to disclose any part of this conversation; it is a secret that we are even having this conversation”.
Proceeding to ask whether or not the rep would fill him in on what would be done by the company, the rep said that it was an internal issue and that he would not be allowed to know the result.
How Safe is Your Personal Information?
It has been known for years that Facebook’s very own terms of service allows for blatant privacy intrusions, and the company has been even caught syncing up with major third party corporations to track you online and offline. What has not been seen, however, is an event of this caliber taking place involving the average consumer. No longer are the days where major corporations were forced to buy your personal information and habits through terms of service changes and large volumes of cash.
Now, almost anyone can go online and buy 1 million E-mails, names, and Facebook URLs for a total of $5. In other words, you could purchase tens of millions of E-mails to spam or otherwise for a very inexpensive amount. What’s more is that criminals could also purchase this database for further malicious reasons. It’s no wonder that Facebook refuses to discuss the matter in any capacity, demanding that the blogger remove all content on the subject and pretend that it never happened.
If you absolutely cannot delete your Facebook, you can at least stop using apps on the platform that are known to be siphoning your personal information. Also be sure to use a Facebook specific ‘dummy’ E-mail when signing up and choose a nickname or alternative name that is not the same as your full legal name.
This post originally appeared at Natural Society