Army of 'socialbots' steal gigabytes of Facebook user data

A small array of scripts programmed to pass themselves off as real people stole 250 gigabytes worth of personal information from Facebook users in just eight weeks, researchers said in an academic report to be presented next month.

The 102 “socialbots” included a name and picture of a fictitious Facebook user and used programming interfaces from ihearthquotes.com to automatically embed pseudo-random quotes into status updates. They also used Facebook interfaces to send connection requests to about 5,000 randomly selected profiles. They then sent connection requests to the friends of those who accepted the initial invitation, and with each acceptance, they scraped whatever information was available.

At the end of the eight-week experiment, the researchers made off with 250 gigabytes of personal data, much of it configured to be available only to people on the user's list of friends. A defense known as the Facebook Immune System, which is designed to automatically flag fake profiles, did little to thin the army of socialbots used in the study. While about 20 percent of them were blocked, the closures were the result of feedback from other users who reported spam, the researchers said. Their socialbot network targeted Facebook, but they said similar ones could penetrate virtually any OSN, or online social network.