100 Million Facebook Users Learn True Meaning of Going Public

The most dramatic "data theft" to hit social networks in quite a while isn't a theft at all.

Facebook users were hit with another frightening reminder on Thursday that not everyone online is their friend, as over 100 million personal profiles and details from the service were scraped from Facebook's pages and published on the Web.

But Facebook wasn't hacked. Far from it. And if users had personal details exposed, they have no one but themselves to blame.

A program written by Ron Bowes, a security consultant at Skull Security, scanned all the listings in Facebook's open-access directory and then compiled a text file that lists the information he uncovered. That data potentially exposes some Facebook users' birthdays, addresses, phone numbers and more -- but only because they chose not to keep those details private.

"All I've done is compile public information into a nice format for statistical analysis," Bowes told the BBC. He explained that he had simply accessed the same information that's available to search engines like Google, Bing and Yahoo -- or the countless white-pages services available online.

But the stunt should make those 100 million Facebook users reconsider what personal information they make available online.

Going public with your birthday and address exposes you to the very real threat of identity theft and fraud -- not to mention stalking and other unwelcome advances. Hackers typically troll for such information to open credit cards under aliases, or they use the names they find in other online scams.

And it's hardly unreasonable to presume that some of the thousands of people who have downloaded Bowes' file since it hit the Internet have criminal intentions.

Facebook is putting a straight face on the story. Company spokesman Andrew Noyes told FoxNews.com that the "information that people have agreed to make public was collected by a single researcher ... no private data is available or has been compromised."

As Facebook leaves it up to its users to decide how much personal information they want to reveal to the public, people who want to keep some things to themselves are encouraged to take a few specific steps.

To be removed from the open access directory that Bowes scanned, users should select "Privacy Settings" under the "Account" heading on the Facebook screen, then edit the "Public Search" option to uncheck the "Enable public search" box.

Then they should go back to the privacy settings and select "Custom" to specify what information (photos, comments, and so on) they want to share, and with whom.

If your profile was set to be searchable by everyone, chances are you're in Bowes file, and there's nothing you can do about that now.

Facebook users should also be aware that after they have changed their privacy settings, their old profile pages may still be publicly available because they are often stored (or cached) by search engines.

Ultimately, this latest incident is just another reminder of the basic reality of modern cyber security:

Whatever it is . . . if you wouldn't put it on a billboard in Times Square, don't post it on the Web.

Follow John R. Quain on Twitter or find more tech coverage at J-Q.com.