Facebook's security system failed to stop researchers using fake profiles to collect the personal information of thousands of users.
The University of British Columbia researchers were able to collect 250 gigabytes of information about Facebook users in two months, including e-mail addresses and phone numbers, according to New Zealand reports.
The fake profiles sent friend requests to 5,000 random Facebook users. Once the requests were accepted, the "socialbots" then put out friend requests to friends of the initial group.
The data collected included the personal information of users who had not been infiltrated by the socialbots, but were connected to infiltrated users.
According to the researchers, even at a conservative pace, the socialbot network was able to collect an average of 175 new pieces of publicly inaccessible data a day.
However, Facebook claims it uses a combination of three systems to combat such attacks and is constantly updating these systems to improve their effectiveness and address new kinds of attacks.
Facebook has also expressed concerns about the methodology of the research by the University of British Columbia, but the research team says it received ethics approval for the study. The data researchers collected was encrypted, made anonymous and deleted after they completed their data analysis.
The research report is to be presented at the 2011 Annual Computer Security Applications Conference in Orlando, Florida from 5 to 9 December.