Facebook Looking Into How Bulgarian Blogger Bogomil Shopov Bought 1.1 Million E-Mail Addresses

Posted Oct 28, 2012

Somehow 1.1 million e-mail addresses were scraped from Facebook profiles and landed on the open market.  A Bulgarian blogger named Bogomil Shopov bought each e-mail address for less than half a thousandth of a penny.

Mr. Shopov is a also a digital rights activist that was able to get 1.1 million Facebook names, users IDs, and e-mails from social marketing website Gigbucks earlier this month for a total of $5,000.  “I just bought more than 1 million? Facebook data entries.”

Mr. Shopov said that he had verified several names and e-mail addresses of his own friends on the list.  He said that the data was not merely scraped from public profiles.  Some of the data that he grabbed was not publicly displayed on a users’ page.

“The information in this list has been collected through our Facebook apps and consists only of active Facebook users, mostly from the US, Canada, UK and Europe,? said Gigbucks in a post. ?Whether you are offering a Facebook, Twitter, social media related or otherwise a general product or service, this list has a great potential for you.?

Facebook is now looking into the breach of users’ data, which could lead to spam or phishing attacks.  Facebook now has dedicated security engineers and teams looking into the Gigbucks issue.

Facebook believes that the information was taken from their website by “scraping” users’ public data instead of collecting information using an application.  Even though Shopov said that a few of the e-mails he checked from the list was not displayed publicly, but maybe the e-mails from those private accounts were public earlier.

Facebook contacted Shopov and asked him to send them the data, delete it, and remove the post from his blog that mentions the purchase.  However he wrote another post about the phone call instead.

Shopov helped found the privacy and digital civil liberties organization known as the Pirate Party.  He said that he hopes that this incident will call attention to Facebook’s insecurity when users sign up and share data with third-party applications.

?Anyone can grab your data,? stated Mr. Shopov. ?Users click ?I agree? or ?I accept.?