A security researcher has compiled the names and URLs of over 100 million Facebook accounts and made the list available as a BitTorrent download.
Self-titled certified penetration tester Ron Bowles said he used some quickly written code to collect the names of over 100 million users who had made their accounts accessible to Google and other search engines. The list also includes the unique web address of each account. This means that even if a user later sets their account to private, the page can still be accessed.
In a blog post, Bowles wrote: "Once I have the name and URL of a user, I can view, by default, their picture, friends, information about them, and some other details. If the user has set their privacy higher, at the very least I can view their name and picture. So, if any searchable user has friends that are non-searchable, those friends just opted into being searched, like it or not! Oops"
Facebook does strictly forbid the scraping of its content, so Bowles' unauthorized move may well incur some action. Bowles' website at skullsecurity.org and skullsecurity.net also went down shortly after the revelation. It's now back up and worth a visit to read his Facebook blog. Over 10,000 people have tried to download the file.
Facebook has reminded users that they can make their account inaccessible to search engines but, as Bowles pointed out, that makes no difference to those who make the change after the fact.
It's not a total surprise that information users have made available on the internet has ended up being available elsewhere. When it's on the internet, it's on the internet. This is something that many netizens fail to recognise. Once something is on any website it becomes a permanent part of the internet record. Even when information is made "private", that's often not the case. A wealth of web applications means a wealth of vulnerabilities.
