In an experiment (.pdf) to demonstrate the vulnerability of online social networks to exploitation, researchers from the University of British Columbia Vancouver programmed a bunch of scripts to pass themselves off as real people on Facebook. Over eight weeks, a total of 102 "socialbots" took on the name and picture of fictitious Facebook users, masquerading as real users with regular status updates.

Each bot proceeded to build a sizable network by first sending connection requests to a randomly selected list of 5,000 profiles (about 50 per bot), and continuing with new connection requests to the friends of those who accepted the initial invitation. As reported on The Register, the researchers succeeded in harvesting a staggering 250 gigabytes of personal data at the end of eight weeks--much of it configured to be available only to people on the user's list of friends. This includes email addresses, pictures, phone numbers and other data. The research is scheduled to be presented in an academic report next month.

Defending its security systems, Facebook says that the result of the study was unrealistically successful due to the trusted university IP address used to conduct the attack. A spokesman from Facebook noted: "We have serious concerns about the methodology of the research by the University of British Colombia and we will be putting these concerns to them."

For more on this story:
- check out this article at The Register
- check out this article at Ars Technica

Related Articles:
Facebook to pass URLs to Websense to detect malicious links
Zuckerberg: Yes, I do use Facebook 'all day long'
Spotlight: Facebook rejects claim that facial recognition violates German privacy law
What enterprises should know about Google+