I just bought more than 1 million …Facebook data entries. OMG! /updated/

Categories Privacy

I have the bloody habit to look for cheap deals on some websites and today I’ve got the featured offer to buy more than 1 million Facebook entries containing Full Name, e-mail and Facebook profile URL.
I make a quick check over the data and surprise, surprise: most of them are real and I even know some of those users.

1 million Facebook accounts? WTF?

The description of the offer says:

The information in this list has been collected through our Facebook apps and consists only of active Facebook users, mostly from the US, Canada, UK and Europe. There are users from other countries as well but they are almost exclusively English speaking as well, as all the apps we provide are written in English and to use them properly one needs to read the instructions. The list is checked and validated once a month so you won’t get a list full of invalid or duplicate email addresses. Whether you are offering a Facebook, Twitter, social media related or otherwise a general product or service, this list has a great potential for you. Finally, the list is in a zipped excel format split into 12 sheets, each sheet containing roughly 100,000 email addresses with name, last name and facebook profile information separated with comma.


Do you still feel secure?

Oh yes, the deal price was 5$ – five u.s dollars.

Oh, this is not the end of the story. I ve’got a phone call from them.

(Update): No, Facebook, I don’t want my 5$ back, but I want something from (for) you.



  • murtw
    October 23, 2012

    gigbucks rite? :)

  • maht
    October 23, 2012

    I really don’t care. If you have mine you have my profile URL – well done, it’s public, my Facebook name – well done, it’s false, and the email I use for Facebook – well done, it’s the only place it’s used and I never check it.

    This post has given you access to more personal info than my Facebook data.

    • tedder
      October 26, 2012

      You realize this is missing the point, right? It’s like saying “my credit card number was exposed, but the bank’s fraud department is replacing it”.

    • tham
      October 27, 2012


      You’re living in denial.

  • Pablo
    October 23, 2012

    Maybe you want to blur the edit line, too.

    • Bogo
      October 23, 2012

      I just did. Sorry for that!!!

  • Mozilla blogger bought 1 million Facebook entries (Full Name, e-mail) for $5 | My Daily Feeds
    October 23, 2012

    […] Hacker News http://talkweb.eu/openweb/1819 wandelroutes This entry was posted in Uncategorized by admin. Bookmark the […]

  • David
    October 23, 2012

    Ehm, you forgot to censor the email of the field selected. Poor dude.

  • Uh, oh: 5 $ buys you 1 MILLION European Facebook usernames & e-mails
    October 23, 2012

    […] http://talkweb.eu/openweb/1819 0 no comments Tweet […]

  • Uh, oh: 5 $ buys you 1 MILLION European Facebook usernames & e-mails
    October 23, 2012

    […] http://talkweb.eu/openweb/1819 0 no comments Tweet […]

  • Jérôme
    October 23, 2012


    we can still see the email of Jerome Swank in the formula input ;-)

    • Bogo
      October 23, 2012

      I just fix that!

  • lifebarier
    October 23, 2012

    Would be interested to see some sort of application to test if my data is in these files.

  • Oi Empresa
    October 23, 2012

    I bet you bought this on Gigbucks. Right?
    Anyway, being on Hacker News now, this story will spread like fire.

  • Joseph
    October 23, 2012

    Question is. What can you do with this ? Send massive email ? -> Spam. Sending one-to-one email -> Eternity.

    So yes it’s not technically secure, but what are people going to do with this.

  • Tudor Munteanu
    October 23, 2012

    How is this of any importance? You have an email adress and a name. This can be obtained by the most trivial Facebook apps. The only problem I see is in the case when Johnny X doesn’t what people to know that the email adress i_like_cupcakes@gmail.com is not his… all the rest of the infos are public.

  • Lee
    October 23, 2012

    This is why I never give me email to websites, or use facebook connect. I created leemail.me instead. Want an invite?

    • aaa aaa
      October 23, 2012

      leemail.me can man in the middle any account you make with it. That’s just so much better than what you normally do.

  • rags
    October 23, 2012

    @Joseph.. that is exactly one of the ways to use this.

    Marketing companies that do the equivalent of cold-calling – SPAM you.

    Getting the URL / email ID of one person is not a big deal .. but getting a nice juicy list of email IDs / URLs is dinner time for some ravagers..

    one more way to abuse this data – DoS

  • Tomer Cohen
    October 23, 2012

    You can aggregate to user profile ID from the URL as well as the user full name. I don’t understand why you think it is a good deal, and don’t forget that you have just made some evil people richer by 5$.

  • Dan
    October 23, 2012

    This is not news. Any public website can be scraped and the data sold. Its not like this is a list of passwords or anything.


  • fernando
    October 23, 2012

    This is all public information, why the surprise?

  • Maxime
    October 23, 2012

    We can still see the last line (Ann Walker).

  • Der Paderp
    October 23, 2012

    Hey, since I see you have the most discriminating tastes, I would like to offer you a special one-time deal. I have the FINEST, rare imported breathing air that you will ever lay your hands on. It is bottled in 100% recycled plastic, using only the purest air molecules available in the world. The cost is only $5.00 per bottle. Cheap, right?!! This was bottled with the same painstaking care it took to gather 1 million Facebook data entries, and it’s a STEAL at $5.00 a pop. Buy one hundred bottles, and I will throw in 50 more for free. That is a savings of $250.00!!!

  • DDave
    October 23, 2012

    Its not only the Spam.

    Its the more then the half of the two keys to successfully hack and steal an identity. Fake or not! These Data combined with other Data in the hands of evil guys (also women!) can do a lot of harm.

  • Trenzo
    October 24, 2012

    Wow I was a bit skeptical at first as this offer seems too good to be true. Usually the lists they sell on auction sites are poor quality but this one is real good. The information is accurate. Let me know if you find more of these lists.

  • Bingo
    October 24, 2012

    Why is this important in the age where spam is a billion-dollar business and lists of email addresses are so 1999?

    Because they can personalize a scam or attack.

    With the user’s Facebook Id, the scammer can send an email about a new service your friend [Friend’s real name + profile photo] wants you to join. How many people do you think would click a link in that email without a second thought?

    It takes away the robotic “Dear xxfalloutboy69xx@compuserve.com,” greetings and replaces it with your real name. It replaces general geographic locations with the exact place you live.

    It personalizes a scam, making it confusing to a typical end user and thus dangerous.

    Of course, this depends on the accuracy of the data a user has provided to Facebook, but I’m sure the amount of people who do supply correct information outweighs those who don’t.

  • Hebert
    October 24, 2012

    O yea… I am sorry, that is notthing. -_-”

  • Orion Blastar
    October 24, 2012

    The problem is a spambot can add friends by email address in Facebook and other web sites. A spambot can also send spam links in email or Facebook instant message. A spambot can parse the URL to the Facebook internal email address to send it spam links. A cracker can run a dictionary crack on the accounts and the poor users using common words for passwords get cracked.

  • Georgi
    October 24, 2012

    Be Smart, Use Ubuntu!

    What can you do with such an info? Hell lot of a things (mostly bad ones). Great post Bogo!!

    • Bogo
      October 24, 2012


  • Nadia
    October 24, 2012

    Hello, seems usefull for the small firms to do some e mailing :), but I still don´t understand how did you do to buy all of this for 5 dollars?

  • erebus
    October 24, 2012

    The great news is that there is no news.
    Facebook has always been a place for people who don’t understand what computer security means.

  • Iso
    October 24, 2012

    Finally the truth showed up, that facebook sells accounts to government and others, This info has been sold already a 500 times or more, so its normal to be cheap…
    See the truth for US and Bulgaria here


  • xstatic
    October 25, 2012

    i’m seriously surprised that theyre only selling the name, email and facebook profile…..
    you can get a persons likes/account info/much much more detail from apps using the facebook API.

    its so simple these days with the amount of times people literally just press ok on everything!

  • Sy0
    October 25, 2012

    You might want to remove the old files ;)


  • jad
    October 25, 2012

    I thought “Sayfa[1-12]” was the name of that website. So I searched for it, and found http://www.sayfa.com.au/ and a Turkish app on Facebook :)

    Then I realised that sayfa means page in turkish (thanks google translate)
    :P haha
    but seriously, name that website!

  • MHJ
    October 25, 2012

    Spot-checked some of the profiles. Four out of five were realtors. That’s too much to be a coincidence? Either the profiles in the screenshot are ranked by profession, or that’s a lead for the leak.

  • Travis
    October 25, 2012

    What surprises me is that they gave out the username – referred to here as an email. This is just begging for a selenium script and some brute force.

  • Joey Figaro
    October 25, 2012

    Not exactly private information. Email? Name? Facebook profile?

    Who cares?

  • thomas
    October 25, 2012

    From the (now removed) screen capture, person entering this data into a spreadsheet was using Turkish installation of Excel (sheet names) so reasonable to assume s/he was Turkish.

  • Michael
    October 26, 2012

    You seem to have made a profit or a very good donation to a worthy cause.
    For that I commend you, but for personal gain I disapprove.

  • Greg
    October 26, 2012

    That is an amazing story. I will start following your blog. Where do you have to search for these kind of things, is it underground? How did they get all of the contacts?

  • Mac
    October 26, 2012

    The emails are possibly gathered using “Login using your facebook account” feature.

    Google also offers the feature and that’s risky too.

  • John Doe
    October 26, 2012

    Congrats. Blogger discovered WordPress!!!!!!!!!!!

  • nico
    October 26, 2012

    Bad job facebook! The social network needs more security and privacy.

  • Mark
    October 26, 2012

    You don’t need to be a hacker to harvest these data. Any not even very smart programmer can write a script that harvests profile links and looks for e-mail addresses on those profiles. Surely you’ll find 1 million e-mail address amongst roughly 1 billion FB accounts. There’s nothing illegal about it and there’s nothing FB can do against it, except for hiding all e-mail addresses on all profiles.

  • Lucas
    October 26, 2012

    Du solltest auch die Ursprungsdatei löschen. Das bringt sonst gar nichts.


  • brucecat
    October 26, 2012

    I know there are data mining companies selling our private details to corporations but not for $5 though.

    Well now there are a few sites covering your posts.



  • Yana
    October 26, 2012

    Здравствуйте, господин Шопов! Радиостанция Коммерсант ФМ (Москва) просит Вас прокомментировать по телефону ситуацию с данными Facebook. Пожалуйста, сообщите нам, как с Вами связаться.

    Radio Kommersant FM (Moscow) asks you for your contacts to record a comment about the situation with Facebook data. Thank you very much!

  • Billy Nomates
    October 26, 2012

    Are they all dumbfucks?

  • Robert
    October 26, 2012

    People now are worried about their privacy!
    Good job for you anyway!

  • Facebook Investigating How Bulgarian Man Bought 1.1 Million Users’ Email Addresses For Five Dollars – Forbes
    October 26, 2012

    […] total of five dollars. “I just bought more than 1 million… Facebook data entries,” Shopov wrote on his blog Tuesday. […]

  • Tom
    October 27, 2012

    Why this article was posted … I have to say good job. And point well taken. I suspect this is targeted all naive facebook users who think their info is “confidential” and that nothing will ever happen to their FB account. LOL.


    This stuff has been going on for years (scraping FB apps) but just never exposed to this extent. You did an awesome job Bogo. Pretty good Slap-In-The-Face to FaceBook. Keep up the good work.

  • Alfian Effendy
    October 27, 2012

    Oh my gosh, realy? That’s why I hate Facebook.
    btw, you’re not completely remove your data picture, here’s the link


  • robert
    October 27, 2012

    Stupid people ! they blurred the names but left the links! Who’s been that smart?

  • Roni
    October 28, 2012

    Our private details are out there, they worth money and we get non of it.
    Check out this cool animation about a software offering a cool solution.

    Don’t get mad, get even :)

  • Man Buys 1 Million Facebook Users’ Personal Information for $5, and Facebook Tries to Cover it Up | Conscious Life News
    October 29, 2012

    […] purchasing the list and being amazed at its legitimacy, the IT blogger posted an entry detailing the event along with screenshots and a surprising follow-up. Using his personal E-mail […]

  • Francisco Mesa
    October 29, 2012

    Well. I don’t think it’s hard to get and download all that information. The problem is, in my opinion, about the offer. Isn’t it?

  • Blqblqblq
    October 30, 2012

    LOL. And that story made all of the news all over the world? 1 milion useless info ?!? How about the one who hacked 3.6 SSN (including credit cards) from USA ? Now that is a story. This is bullshit.

  • allak
    October 31, 2012

    Personally i don’t give a crap if someone has my full name and email and facebook lol…so what. internet and facebook is not my life lol…who gives a shit.

  • L
    November 1, 2012

    Nevidím v tom až takový problém. V podstatě jen nejspíš vzali seznam e-mailů, a vyhledávali podle nich účty na FB. Vyzkoušej zadat e-mail do vyhledávání přímo na FB.
    Nejtěžší by na tom bylo vyrobit robota, který by se zvládl přihlásit, a zadával jeden email za druhým – ale to by neměl být problém s toolem typu Selenium.

  • Cheapest Mailing List Ever: 1.1 mil Facebook Users For $5 – IMVINE
    November 2, 2012

    […] http://talkweb.eu/openweb/1819 […]

  • Vope
    November 6, 2012

    That is not something new yo just gave it publicity. FB is scraped daily for user info and they need to educate their users more how to protect themselves.

  • 1M FB entries for $5 | Bi·lak
    November 11, 2012

    […] you can get 1 million Facebook data entries for just $5. Just so you know how much you are worth in the eyes of some people. This entry was posted in […]

  • Facebook intenta silenciar a un bloguero que descubrio la venta de datos privados de sus usuarios | carlos96p
    November 16, 2012

    […] hecho ha sido descubierto por un informático búlgaro llamado Bogomil Shopov, que publicó en su blog personal que había adquirido los datos privados de un millón de usuarios de Facebook por tan solo 5 […]

  • Parala
    November 17, 2012

    A lot of FB users are, ‘Not The Sharpest Knifes In The Drawer?’ D’Oh! Posting on FB is like sending a postcard thru any mail service; any one can read it & anyone can add, change, remove, whatever they want!?!

  • 4.6 Come fa a sapere Facebook quello che compro « socialwoman
    November 21, 2012

    […] ottobre è la notizia che per soli 5 dollari sono stati acquistati da Bogomil Shopov, blogger di nazionalità bulgara noto per le sue attività a difesa dei diritti civili digitali, i […]

  • locuri de munca
    November 26, 2012

    We have a facebook account and we published the information willfully. I do not understand why is this such a problem because you may chose to hide the email as well as other personal information. From the URL with a scrapper you will get very little information. If you get their password (as happened several times a few years back) than I can see the problem. If there are any bugs in the FB that disclose information that it was not supposed to be disclosed, again I can see a problem. But scrapping content that users are willingly make public, why is this a problem? It’s pretty much useless the list and have very little to do with FB. (locuri de munca)

  • gisallka
    November 27, 2012

    whats that. Im not made of glass so everybody could see through me!!

  • Petit dev
    December 16, 2012

    […] plupart des données sont vraies et je connais même certains de ces utilisateurs », a déclaré Bogomil Shopov, le blogueur militant pour la défense des internautes. Actualité nouvelles technologies […]

  • cipla
    December 20, 2012

    The other day, while I was at work, my cousin stole
    my apple ipad and tested to see if it can survive a 25 foot drop,
    just so she can be a youtube sensation. My iPad is now destroyed and she has
    83 views. I know this is entirely off topic but I had to share it
    with someone!

  • flightsone.com
    December 21, 2012

    An intriguing discussion is definitely worth comment.
    I believe that you should publish more on this
    issue, it might not be a taboo subject but usually folks don’t speak about these issues. To the next! Many thanks!!

  • Facebook-Nutzer-Daten für fünf Dollar – Markus M. BLOG
    December 25, 2012

    […] enthalten: Der richtige Name, ein Link zum Facebook-Profil und die dazugehörige E-Mail-Adresse. Der Schnäppchenjäger Bogomil Shopov hat von dieser Sache in seinem BLOG berichtet. Quelle: Spiegel […]

  • Raze
    December 30, 2012

    Hhahah I always love the outraged comments.

    I can always see them live:
    Some suited up people knock at their door and say more or less “hey how about we shove some millions down your pockets, all you have to do is let us do whatever we want with user data?”

    Yeah you know you see em very much saying “No I’m an honorable person and I prefer sucking it up a the increasingly marauderous labor market doing 6 day 12-13-14-15 hour job shifts. I mean I could never be persuaded to betray the people’s interests – particularly those fools who don’t care to know better or do anything about it.”

    Thats exactly how its going to work right?

    And fb is just the first site that has really elevated the formula.
    It provides all the gossip goodness for all the mass of social cripples that need it to feel relevant. And all you have to do is trade in your dignity at the agreement to use it. Its a seamless transaction.

    And lets face it, it’s not really an issue of privacy. It’s a bigger issue of they’ve been allowed to go this far without much objection, not any effective ones any way. Now that they have them and others will feel comfortable demanding even more marauder policies so we can use their shit.

  • No, Facebook, I don’t want my 5$ back, but I want something from you. | Bogo
    December 31, 2012

    […] Did you get your 5 dollars back? […]

  • קיידום ממומן
    January 25, 2013


  • More Info
    January 28, 2013

    Hello are using WordPress for your site platform?

    I’m new to the blog world but I’m trying to get started and
    set up my own. Do you require any coding expertise to make your own blog?
    Any help would be really appreciated!

  • CrashDown.it » Facebook: nuovo scandalo, un blogger acquista 1,1 milioni di dati per 5 dollari
    February 1, 2013

    […] bulgaro, Bogomil Shopov, attivista per i diritti digitali, sia riuscito a raccogliere i dati di 1,1 milioni di utenti (e-mail ed ID) inviati al sito di marketing Gigbucks pagando una cifra irrisoria: cinque […]

  • xpda
    February 5, 2013

    […] http://talkweb.eu/openweb/1819 […]

  • Shady Facebook app devs are selling your details for pennies | Stock Market News – Business & Tech News
    February 10, 2013

    […] at Bogo  Photo by Valerie […]

  • one million Facebook users data was offered for sale
    March 19, 2013

    […] will be launching an internal investigation following the revelation by Czech blogger Bogomil Shopov that data belonging to over one million Facebook users was offered […]

  • jehming
    September 7, 2015

    can i buy this too? where did you buy?

Leave a Reply to jad Cancel reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.