Facebook's security system failed to stop a large-scale infiltration in which computer-generated fake Facebook profiles collected personal information about thousands of Facebook users, according to researchers in Canada.

Researchers at the University of British Columbia collected 250 gigabytes of information from Facebook users by using socialbots - fake Facebook profiles created and controlled by computer code.

The socialbots - complete with names, photos and computer-generated status updates - sent friend requests to about 5,000 random Facebook users. Once accepted, the socialbots then put out friend requests to friends of the initial group.

In eight weeks, the researchers had collected 250 gigabytes of personal information from Facebook users - including users' email addresses and phone numbers.


This included the private data of users who had not been infiltrated by the socialbots, but were connected to infiltrated users.

The researchers found that even operating the socialbot network (SbN) at a conservative pace, each socialbot could collect on average 175 new chunks of publicly inaccessible data per day.

However, Facebook claims it uses a combination of three systems to combat such attacks.

"We are constantly updating these systems to improve their effectiveness and address new kinds of attacks. We use credible research as part of that process," Facebook told the Vancouver Sun.

"We have serious concerns about the methodology of the research by the University of British Columbia and we will be putting these concerns to them."

Researchers from the University of British Columbia told the newspaper they had received ethics approval for the study. The data they collected was encrypted and anonymized and deleted after they completed their data analysis.