Bogomil Shopov – Бого

I just bought more than 1 million …Facebook data entries. OMG! /updated/

I have the bloody habit to look for cheap deals on some websites and today I’ve got the featured offer to buy more than 1 million Facebook entries containing Full Name, e-mail and Facebook profile URL.
I make a quick check over the data and surprise, surprise: most of them are real and I even know some of those users.

1 million Facebook accounts? WTF?

The description of the offer says:

The information in this list has been collected through our Facebook apps and consists only of active Facebook users, mostly from the US, Canada, UK and Europe. There are users from other countries as well but they are almost exclusively English speaking as well, as all the apps we provide are written in English and to use them properly one needs to read the instructions. The list is checked and validated once a month so you won’t get a list full of invalid or duplicate email addresses. Whether you are offering a Facebook, Twitter, social media related or otherwise a general product or service, this list has a great potential for you. Finally, the list is in a zipped excel format split into 12 sheets, each sheet containing roughly 100,000 email addresses with name, last name and facebook profile information separated with comma.

 

Do you still feel secure?

Oh yes, the deal price was 5$ – five u.s dollars.

Oh, this is not the end of the story. I ve’got a phone call from them.

(Update): No, Facebook, I don’t want my 5$ back, but I want something from (for) you.

 

Posted

in

by

Bogomil Shopov

Tags:

,

Comments

83 responses to “I just bought more than 1 million …Facebook data entries. OMG! /updated/”

  1. murtw Avatar
    murtw

    gigbucks rite? :)

    Reply
  2. maht Avatar
    maht

    I really don’t care. If you have mine you have my profile URL – well done, it’s public, my Facebook name – well done, it’s false, and the email I use for Facebook – well done, it’s the only place it’s used and I never check it.

    This post has given you access to more personal info than my Facebook data.

    Reply
    1. tedder Avatar
      tedder

      You realize this is missing the point, right? It’s like saying “my credit card number was exposed, but the bank’s fraud department is replacing it”.

      Reply
    2. tham Avatar
      tham

      WOOOSH.

      You’re living in denial.

      Reply
  3. Pablo Avatar
    Pablo

    Maybe you want to blur the edit line, too.

    Reply
    1. Bogo Avatar
      Bogo

      I just did. Sorry for that!!!

      Reply
  4. Mozilla blogger bought 1 million Facebook entries (Full Name, e-mail) for $5 | My Daily Feeds

    […] Hacker News http://talkweb.eu/openweb/1819 wandelroutes This entry was posted in Uncategorized by admin. Bookmark the […]

    Reply
  5. David Avatar
    David

    Ehm, you forgot to censor the email of the field selected. Poor dude.

    Reply
  6. Uh, oh: 5 $ buys you 1 MILLION European Facebook usernames & e-mails

    […] http://talkweb.eu/openweb/1819 0 no comments Tweet […]

    Reply
  7. Uh, oh: 5 $ buys you 1 MILLION European Facebook usernames & e-mails

    […] http://talkweb.eu/openweb/1819 0 no comments Tweet […]

    Reply
  8. Jérôme Avatar
    Jérôme

    Hi!

    we can still see the email of Jerome Swank in the formula input ;-)

    Reply
    1. Bogo Avatar
      Bogo

      I just fix that!

      Reply
  9. lifebarier Avatar
    lifebarier

    Would be interested to see some sort of application to test if my data is in these files.

    Reply
  10. Oi Empresa Avatar
    Oi Empresa

    I bet you bought this on Gigbucks. Right?
    Anyway, being on Hacker News now, this story will spread like fire.

    Reply
  11. Joseph Avatar
    Joseph

    Question is. What can you do with this ? Send massive email ? -> Spam. Sending one-to-one email -> Eternity.

    So yes it’s not technically secure, but what are people going to do with this.

    Reply
  12. Tudor Munteanu Avatar
    Tudor Munteanu

    How is this of any importance? You have an email adress and a name. This can be obtained by the most trivial Facebook apps. The only problem I see is in the case when Johnny X doesn’t what people to know that the email adress i_like_cupcakes@gmail.com is not his… all the rest of the infos are public.

    Reply
  13. Lee Avatar
    Lee

    This is why I never give me email to websites, or use facebook connect. I created leemail.me instead. Want an invite?

    Reply
    1. aaa aaa Avatar
      aaa aaa

      leemail.me can man in the middle any account you make with it. That’s just so much better than what you normally do.

      Reply
  14. rags Avatar
    rags

    @Joseph.. that is exactly one of the ways to use this.

    Marketing companies that do the equivalent of cold-calling – SPAM you.

    Getting the URL / email ID of one person is not a big deal .. but getting a nice juicy list of email IDs / URLs is dinner time for some ravagers..

    one more way to abuse this data – DoS

    Reply
  15. Tomer Cohen Avatar
    Tomer Cohen

    You can aggregate to user profile ID from the URL as well as the user full name. I don’t understand why you think it is a good deal, and don’t forget that you have just made some evil people richer by 5$.

    Reply
  16. Dan Avatar
    Dan

    This is not news. Any public website can be scraped and the data sold. Its not like this is a list of passwords or anything.

    Yawn.

    Reply
  17. fernando Avatar
    fernando

    This is all public information, why the surprise?

    Reply
  18. Maxime Avatar
    Maxime

    We can still see the last line (Ann Walker).

    Reply
  19. Der Paderp Avatar
    Der Paderp

    Hey, since I see you have the most discriminating tastes, I would like to offer you a special one-time deal. I have the FINEST, rare imported breathing air that you will ever lay your hands on. It is bottled in 100% recycled plastic, using only the purest air molecules available in the world. The cost is only $5.00 per bottle. Cheap, right?!! This was bottled with the same painstaking care it took to gather 1 million Facebook data entries, and it’s a STEAL at $5.00 a pop. Buy one hundred bottles, and I will throw in 50 more for free. That is a savings of $250.00!!!

    Reply
  20. DDave Avatar
    DDave

    Its not only the Spam.

    Its the more then the half of the two keys to successfully hack and steal an identity. Fake or not! These Data combined with other Data in the hands of evil guys (also women!) can do a lot of harm.

    Reply
  21. Trenzo Avatar
    Trenzo

    Wow I was a bit skeptical at first as this offer seems too good to be true. Usually the lists they sell on auction sites are poor quality but this one is real good. The information is accurate. Let me know if you find more of these lists.

    Reply
  22. Bingo Avatar
    Bingo

    Why is this important in the age where spam is a billion-dollar business and lists of email addresses are so 1999?

    Because they can personalize a scam or attack.

    With the user’s Facebook Id, the scammer can send an email about a new service your friend [Friend’s real name + profile photo] wants you to join. How many people do you think would click a link in that email without a second thought?

    It takes away the robotic “Dear xxfalloutboy69xx@compuserve.com,” greetings and replaces it with your real name. It replaces general geographic locations with the exact place you live.

    It personalizes a scam, making it confusing to a typical end user and thus dangerous.

    Of course, this depends on the accuracy of the data a user has provided to Facebook, but I’m sure the amount of people who do supply correct information outweighs those who don’t.

    Reply
  23. Hebert Avatar
    Hebert

    O yea… I am sorry, that is notthing. -_-”

    Reply
  24. Orion Blastar Avatar
    Orion Blastar

    The problem is a spambot can add friends by email address in Facebook and other web sites. A spambot can also send spam links in email or Facebook instant message. A spambot can parse the URL to the Facebook internal email address to send it spam links. A cracker can run a dictionary crack on the accounts and the poor users using common words for passwords get cracked.

    Reply
  25. Georgi Avatar
    Georgi

    Be Smart, Use Ubuntu!

    What can you do with such an info? Hell lot of a things (mostly bad ones). Great post Bogo!!

    Reply
    1. Bogo Avatar
      Bogo

      Thanks

      Reply
  26. Nadia Avatar
    Nadia

    Hello, seems usefull for the small firms to do some e mailing :), but I still don´t understand how did you do to buy all of this for 5 dollars?

    Reply
  27. erebus Avatar
    erebus

    The great news is that there is no news.
    Facebook has always been a place for people who don’t understand what computer security means.

    Reply
  28. Iso Avatar
    Iso

    Finally the truth showed up, that facebook sells accounts to government and others, This info has been sold already a 500 times or more, so its normal to be cheap…
    See the truth for US and Bulgaria here

    http://www.youtube.com/watch?v=BGpTrDEqQRs

    Reply
  29. xstatic Avatar
    xstatic

    i’m seriously surprised that theyre only selling the name, email and facebook profile…..
    you can get a persons likes/account info/much much more detail from apps using the facebook API.

    its so simple these days with the amount of times people literally just press ok on everything!

    Reply
  30. Sy0 Avatar
    Sy0

    You might want to remove the old files ;)

    http://talkweb.eu/wp-content/uploads/2012/10/datascfreen.jpg

    Reply
  31. jad Avatar
    jad

    I thought “Sayfa[1-12]” was the name of that website. So I searched for it, and found http://www.sayfa.com.au/ and a Turkish app on Facebook :)

    Then I realised that sayfa means page in turkish (thanks google translate)
    :P haha
    but seriously, name that website!

    Reply
  32. MHJ Avatar
    MHJ

    Spot-checked some of the profiles. Four out of five were realtors. That’s too much to be a coincidence? Either the profiles in the screenshot are ranked by profession, or that’s a lead for the leak.

    Reply
  33. Travis Avatar
    Travis

    What surprises me is that they gave out the username – referred to here as an email. This is just begging for a selenium script and some brute force.

    Reply
  34. Joey Figaro Avatar
    Joey Figaro

    Not exactly private information. Email? Name? Facebook profile?

    Who cares?

    Reply
  35. thomas Avatar
    thomas

    From the (now removed) screen capture, person entering this data into a spreadsheet was using Turkish installation of Excel (sheet names) so reasonable to assume s/he was Turkish.

    Reply
  36. Michael Avatar
    Michael

    You seem to have made a profit or a very good donation to a worthy cause.
    For that I commend you, but for personal gain I disapprove.

    Reply
  37. Greg Avatar
    Greg

    That is an amazing story. I will start following your blog. Where do you have to search for these kind of things, is it underground? How did they get all of the contacts?

    Reply
  38. Mac Avatar
    Mac

    The emails are possibly gathered using “Login using your facebook account” feature.

    Google also offers the feature and that’s risky too.

    Reply
  39. John Doe Avatar
    John Doe

    Congrats. Blogger discovered WordPress!!!!!!!!!!!

    Reply
  40. nico Avatar
    nico

    Bad job facebook! The social network needs more security and privacy.

    Reply
  41. Mark Avatar
    Mark

    You don’t need to be a hacker to harvest these data. Any not even very smart programmer can write a script that harvests profile links and looks for e-mail addresses on those profiles. Surely you’ll find 1 million e-mail address amongst roughly 1 billion FB accounts. There’s nothing illegal about it and there’s nothing FB can do against it, except for hiding all e-mail addresses on all profiles.

    Reply
  42. Lucas Avatar
    Lucas

    Du solltest auch die Ursprungsdatei löschen. Das bringt sonst gar nichts.

    http://talkweb.eu/wp-content/uploads/2012/10/datascfreen.jpg

    Reply
  43. brucecat Avatar
    brucecat

    I know there are data mining companies selling our private details to corporations but not for $5 though.

    Well now there are a few sites covering your posts.

    http://www.dailydot.com/news/facebook-names-emails-cheap-5-dollars/

    http://www.buzzpatrol.com/1-million-facebook-names-and-emails-sold-for-5/

    Reply
  44. Yana Avatar
    Yana

    Здравствуйте, господин Шопов! Радиостанция Коммерсант ФМ (Москва) просит Вас прокомментировать по телефону ситуацию с данными Facebook. Пожалуйста, сообщите нам, как с Вами связаться.

    Radio Kommersant FM (Moscow) asks you for your contacts to record a comment about the situation with Facebook data. Thank you very much!

    Reply
  45. Billy Nomates Avatar
    Billy Nomates

    Are they all dumbfucks?

    Reply
  46. Robert Avatar
    Robert

    People now are worried about their privacy!
    Good job for you anyway!

    Reply
  47. Facebook Investigating How Bulgarian Man Bought 1.1 Million Users’ Email Addresses For Five Dollars – Forbes

    […] total of five dollars. “I just bought more than 1 million… Facebook data entries,” Shopov wrote on his blog Tuesday. […]

    Reply
  48. Tom Avatar
    Tom

    Why this article was posted … I have to say good job. And point well taken. I suspect this is targeted all naive facebook users who think their info is “confidential” and that nothing will ever happen to their FB account. LOL.

    SURPRISE !!! (ROTF LOL)

    This stuff has been going on for years (scraping FB apps) but just never exposed to this extent. You did an awesome job Bogo. Pretty good Slap-In-The-Face to FaceBook. Keep up the good work.

    Reply
  49. Alfian Effendy Avatar
    Alfian Effendy

    Oh my gosh, realy? That’s why I hate Facebook.
    btw, you’re not completely remove your data picture, here’s the link

    http://talkweb.eu/wp-content/uploads/2012/10/datascfreen.jpg

    Reply
  50. robert Avatar
    robert

    Stupid people ! they blurred the names but left the links! Who’s been that smart?

    Reply
  51. Roni Avatar
    Roni

    Our private details are out there, they worth money and we get non of it.
    Check out this cool animation about a software offering a cool solution.
    http://www.youtube.com/watch?v=sOCfvdr3jaY

    Don’t get mad, get even :)

    Reply
  52. Man Buys 1 Million Facebook Users’ Personal Information for $5, and Facebook Tries to Cover it Up | Conscious Life News

    […] purchasing the list and being amazed at its legitimacy, the IT blogger posted an entry detailing the event along with screenshots and a surprising follow-up. Using his personal E-mail […]

    Reply
  53. Francisco Mesa Avatar
    Francisco Mesa

    Well. I don’t think it’s hard to get and download all that information. The problem is, in my opinion, about the offer. Isn’t it?

    Reply
  54. Blqblqblq Avatar
    Blqblqblq

    LOL. And that story made all of the news all over the world? 1 milion useless info ?!? How about the one who hacked 3.6 SSN (including credit cards) from USA ? Now that is a story. This is bullshit.

    Reply
  55. allak Avatar
    allak

    Personally i don’t give a crap if someone has my full name and email and facebook lol…so what. internet and facebook is not my life lol…who gives a shit.

    Reply
  56. L Avatar
    L

    Nevidím v tom až takový problém. V podstatě jen nejspíš vzali seznam e-mailů, a vyhledávali podle nich účty na FB. Vyzkoušej zadat e-mail do vyhledávání přímo na FB.
    Nejtěžší by na tom bylo vyrobit robota, který by se zvládl přihlásit, a zadával jeden email za druhým – ale to by neměl být problém s toolem typu Selenium.

    Reply
  57. Cheapest Mailing List Ever: 1.1 mil Facebook Users For $5 – IMVINE

    […] http://talkweb.eu/openweb/1819 […]

    Reply
  58. Vope Avatar
    Vope

    That is not something new yo just gave it publicity. FB is scraped daily for user info and they need to educate their users more how to protect themselves.

    Reply
  59. 1M FB entries for $5 | Bi·lak

    […] you can get 1 million Facebook data entries for just $5. Just so you know how much you are worth in the eyes of some people. This entry was posted in […]

    Reply
  60. Facebook intenta silenciar a un bloguero que descubrio la venta de datos privados de sus usuarios | carlos96p

    […] hecho ha sido descubierto por un informático búlgaro llamado Bogomil Shopov, que publicó en su blog personal que había adquirido los datos privados de un millón de usuarios de Facebook por tan solo 5 […]

    Reply
  61. Parala Avatar
    Parala

    A lot of FB users are, ‘Not The Sharpest Knifes In The Drawer?’ D’Oh! Posting on FB is like sending a postcard thru any mail service; any one can read it & anyone can add, change, remove, whatever they want!?!

    Reply
  62. 4.6 Come fa a sapere Facebook quello che compro « socialwoman

    […] ottobre è la notizia che per soli 5 dollari sono stati acquistati da Bogomil Shopov, blogger di nazionalità bulgara noto per le sue attività a difesa dei diritti civili digitali, i […]

    Reply
  63. locuri de munca Avatar
    locuri de munca

    We have a facebook account and we published the information willfully. I do not understand why is this such a problem because you may chose to hide the email as well as other personal information. From the URL with a scrapper you will get very little information. If you get their password (as happened several times a few years back) than I can see the problem. If there are any bugs in the FB that disclose information that it was not supposed to be disclosed, again I can see a problem. But scrapping content that users are willingly make public, why is this a problem? It’s pretty much useless the list and have very little to do with FB. (locuri de munca)

    Reply
  64. gisallka Avatar
    gisallka

    whats that. Im not made of glass so everybody could see through me!!

    Reply
  65. Petit dev

    […] plupart des données sont vraies et je connais même certains de ces utilisateurs », a déclaré Bogomil Shopov, le blogueur militant pour la défense des internautes. Actualité nouvelles technologies […]

    Reply
  66. cipla Avatar
    cipla

    The other day, while I was at work, my cousin stole
    my apple ipad and tested to see if it can survive a 25 foot drop,
    just so she can be a youtube sensation. My iPad is now destroyed and she has
    83 views. I know this is entirely off topic but I had to share it
    with someone!

    Reply
  67. flightsone.com Avatar
    flightsone.com

    An intriguing discussion is definitely worth comment.
    I believe that you should publish more on this
    issue, it might not be a taboo subject but usually folks don’t speak about these issues. To the next! Many thanks!!

    Reply
  68. Facebook-Nutzer-Daten für fünf Dollar – Markus M. BLOG

    […] enthalten: Der richtige Name, ein Link zum Facebook-Profil und die dazugehörige E-Mail-Adresse. Der Schnäppchenjäger Bogomil Shopov hat von dieser Sache in seinem BLOG berichtet. Quelle: Spiegel […]

    Reply
  69. Raze Avatar
    Raze

    Hhahah I always love the outraged comments.

    I can always see them live:
    Some suited up people knock at their door and say more or less “hey how about we shove some millions down your pockets, all you have to do is let us do whatever we want with user data?”

    Yeah you know you see em very much saying “No I’m an honorable person and I prefer sucking it up a the increasingly marauderous labor market doing 6 day 12-13-14-15 hour job shifts. I mean I could never be persuaded to betray the people’s interests – particularly those fools who don’t care to know better or do anything about it.”

    Thats exactly how its going to work right?

    And fb is just the first site that has really elevated the formula.
    It provides all the gossip goodness for all the mass of social cripples that need it to feel relevant. And all you have to do is trade in your dignity at the agreement to use it. Its a seamless transaction.

    And lets face it, it’s not really an issue of privacy. It’s a bigger issue of they’ve been allowed to go this far without much objection, not any effective ones any way. Now that they have them and others will feel comfortable demanding even more marauder policies so we can use their shit.

    Reply
  70. No, Facebook, I don’t want my 5$ back, but I want something from you. | Bogo

    […] Did you get your 5 dollars back? […]

    Reply
  71. קיידום ממומן Avatar
    קיידום ממומן

    like

    Reply
  72. More Info Avatar
    More Info

    Hello are using WordPress for your site platform?

    I’m new to the blog world but I’m trying to get started and
    set up my own. Do you require any coding expertise to make your own blog?
    Any help would be really appreciated!

    Reply
  73. CrashDown.it » Facebook: nuovo scandalo, un blogger acquista 1,1 milioni di dati per 5 dollari

    […] bulgaro, Bogomil Shopov, attivista per i diritti digitali, sia riuscito a raccogliere i dati di 1,1 milioni di utenti (e-mail ed ID) inviati al sito di marketing Gigbucks pagando una cifra irrisoria: cinque […]

    Reply
  74. xpda

    […] http://talkweb.eu/openweb/1819 […]

    Reply
  75. Shady Facebook app devs are selling your details for pennies | Stock Market News – Business & Tech News

    […] at Bogo  Photo by Valerie […]

    Reply
  76. one million Facebook users data was offered for sale

    […] will be launching an internal investigation following the revelation by Czech blogger Bogomil Shopov that data belonging to over one million Facebook users was offered […]

    Reply
  77. jehming Avatar
    jehming

    can i buy this too? where did you buy?

    Reply

Leave a Reply to Bogo Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: