Far from having to brute-force Facebook passwords in the style of last week’s harvesting exercise by Canadian researcher Ron Bowes, it turns out that thousands are already freely available on the Internet.
BitDefender researcher Sabina Datcu was able to cull a total of 250,000 user names, email addresses, and even passwords from a deep trawl of the Internet, 87 percent of which appeared to allow access to social networking accounts. A second pass showed that 75 percent of the data also worked for personal email accounts.
Datcu doesn’t explain how the data was gathered, nor how many individual accounts the information would relate to, but she was able to discover most of the data from ‘online collaboration tools’, backed up with blogs, Torrents, and instances where users simply mention the details of third parties.
Although smaller in scale than the 100 million Facebook accounts researched and published in a high-profile stunt by researcher Ron Bowes, the fact that the BitDefender experiment was able to glean passwords as well underlines that social networking users are already insecure to some extent, whether many users realise it or not.
Using Bowes’ data, the theoretical next step would be to brute-force the Facebook passwords using a software tool to gain access to the accounts. It’s impossible to know how successful such an exercise would be, but recent research from fellow security company Imperva suggests that users habitually use trivial passwords, which renders the need for software tools moot.
“The alarming results of this experiment should make users aware that adding a password to an email or social networking account should be as serious as adding a high quality lock to their houses,” said Datcu.
Trivial passwords, such as those uncovered by the Imperva study, need to be consigned to history, though that looks like a hopeful wish.
“To conclude, social network users are exposed more than they believe, as not only their names and private information can be dug up on the Internet, but, with some effort, their passwords as well,” added Datcu.