• TechCrunch, Wednesday, November 2, 2011 1:41 PM

How reliable are Facebook’s user authentication practices? Well, researchers from the University of British Columbia Vancouver just infiltrated the social network with “bots,” and reportedly made off with information from thousands of users.

“Around 250GB of data was stolen during the study, including personal and marketable information, and around three thousand users were targeted,” TechCrunch reports. “Only one in five of the profiles were flagged by the Facebook Immune System, which clearly needs a boost.”

The fake UBC accounts, which the researchers call “socialbots,” were created from a few simple scripts, which submitted all the requisite account information. Names, pictures, and status updates were trawled from the open Web, eventually producing 102 fairly believable accounts, according to TechCrunch. What about Facebook’s fraud detection? Apparently, it was avoided by “rate-limiting” the posts and friend requests to avoid CAPTCHAS.

Notes TechCrunch: “Considering how easy it was to automate the process of account creation and propagation, one has to question the effectiveness of Facebook as an authentication system.”

Read the whole story at TechCrunch »