Facebook ID "Hack"—No Real Problem

[NOTE: This article does not refer to the Facebook hack that lets you view anybody's chat activity and pending friend requests. That hack is serious; this one isn't. View that story here.]

Last week I learned about a simple "hack" that can retrieve the full name and Facebook URL for any account holder, given nothing but the Facebook ID number. All you need to do is open your browser, type in "http://graph.facebook.com", and append a number. For example, "http://graph.facebook.com/4" gets you the entry for Mark Zuckerberg. The returned data looks like this:

{
    "id": "4",
    "name": "Mark Zuckerberg",
    "first_name": "Mark",
    "last_name": "Zuckerberg",
    "link": "http://www.facebook.com/zuck"
}

OK, that's not a lot of information, but you could theoretically use it to compile a list of all Facebook accounts. I wrote a small program to do exactly that and concluded that Facebook has nothing to worry about.

My simple-minded program just works its way through all possible ID numbers in sequence, starting with 1. When it finds an ID that has associated data, it writes that data to an output file. In about 18 hours, my program processed the first 180,000 IDs. Only 25 percent of them actually linked to Facebook user information.

So my program processes around 10,000 IDs per hour but turns up only about 2,500 actual accounts per hour. Facebook presently claims 400 million active users. That means a complete listing could take 160,000 hours--a little over 18 years. This "hack" is an entertaining novelty, but there's no practical way you could exploit it to list all Facebook users.
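
Seen from the server side, the sequential walk described above leaves a distinctive pattern: one client requesting consecutive ID numbers, most of which have no account behind them. The following is an added example, not code from the original article; the log format, the 404 status for IDs with no data, the thresholds and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed log format (an assumption): "<client> GET /<numeric id> <status>"
LINE_RE = re.compile(r"^(\S+) GET /(\d+) (\d{3})$")

def parse(lines):
    """Group (id, status) pairs by client, preserving request order."""
    by_client = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:  # ignore non-ID requests and malformed lines
            by_client[m.group(1)].append((int(m.group(2)), int(m.group(3))))
    return by_client

def score(requests):
    """Return (sequential_ratio, miss_ratio) for one client's requests."""
    ids = [i for i, _ in requests]
    steps = sum(1 for a, b in zip(ids, ids[1:]) if b - a == 1)
    seq_ratio = steps / (len(ids) - 1) if len(ids) > 1 else 0.0
    # Assumption: an ID with no associated data is logged as 404.
    miss_ratio = sum(1 for _, s in requests if s == 404) / len(requests)
    return seq_ratio, miss_ratio

def find_enumerators(lines, min_requests=20, min_seq=0.9, min_miss=0.5):
    """Clients whose ID lookups are mostly consecutive and mostly misses."""
    flagged = {}
    for client, reqs in parse(lines).items():
        if len(reqs) < min_requests:
            continue  # too few requests to judge
        seq, miss = score(reqs)
        if seq >= min_seq and miss >= min_miss:
            flagged[client] = (round(seq, 2), round(miss, 2))
    return flagged

def sample_log():
    """Constructed sample: one sequential walker, one ordinary client."""
    lines = []
    for n in range(1, 41):  # walker: IDs 1..40, every 4th one exists
        status = 200 if n % 4 == 0 else 404
        lines.append(f"198.51.100.7 GET /{n} {status}")
    for n in (4, 1203, 77, 4, 50231, 9, 812, 4, 66, 310) * 3:  # ordinary use
        lines.append(f"203.0.113.20 GET /{n} 200")
    return lines

if __name__ == "__main__":
    print(find_enumerators(sample_log()))
```

The sample walker hits one ID in four, matching the 25 percent rate reported above, so the miss-ratio threshold of 0.5 leaves some margin.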
