TORONTO - Affiliate program SlickCash (http://www.slickcash.com/) has agreed to pay $500,000 to social-networking site FaceBook (http://www.facebook.com/) for allegedly hacking into Facebook's computers.

In addition to the payout, several SlickCash employees and others associated with the company agreed not to become Facebook members for 10 years and not to contact any members using personal information allegedly obtained from the hacking. SlickCash owner Greg was not immediately available for comment.

Court records show the suit was settled in April, but details were just recently entered into an online legal database.

Facebook filed the suit in December 2007 in San Jose, Calif., claiming SlickCash employees hacked into Facebook computers "and tried to access the personal information of users."

Facebook claimed in the suit that for two weeks in June 2007 "the defendants attempted to access Facebook's servers at least 200,000 times."

"Each of these requests sought to direct Facebook's computers to send information on other Facebook users back to (the company's Internet Protocol) address," court documents stated. "These requests for information from Facebook generated error messages and were detected as unauthorized attempts to access and harvest proprietary information."

(http://www.avn.com/internet/articles/by-category/other-internet-news.html)

They should have had to pay another $500K just for being stupid enough to get caught.

If they had gained access to members info, wouldn't that jeopardize Facebook? Something is amiss here.

Greg, if you look at facebook profiles, many users have personal information posted, like emails and such. At one point, it wasn't hard to write a basic bot to go out and look at your friend's friends, and then their friends, and so on, basically scanning your way through the entire facebook roster over time.

However, in the last 5 or 6 months, facebooks has become much more strict about restricting access to user profiles without permission of the user. As a result, a program that use to work harvesting this information would now generate huge numbers of error messages.

If someone attempted to circumvent these blocks (by faking the request headers or otherwise spoofing the system) they would certainly be crossing the line.

I don't have any exact information on what was involved here, but I have to say that I am NOT impressed.

Greg, if you look at facebook profiles, many users have personal information posted, like emails and such. At one point, it wasn't hard to write a basic bot to go out and look at your friend's friends, and then their friends, and so on, basically scanning your way through the entire facebook roster over time.

However, in the last 5 or 6 months, facebooks has become much more strict about restricting access to user profiles without permission of the user. As a result, a program that use to work harvesting this information would now generate huge numbers of error messages.

If someone attempted to circumvent these blocks (by faking the request headers or otherwise spoofing the system) they would certainly be crossing the line.

I don't have any exact information on what was involved here, but I have to say that I am NOT impressed.

Scraping to spam would be my guess or to seed a personals site. It sure as hell wouldnt be the first time!

seeding the personal site is most likely - you get a wide variety of people, pictures, and basic personal information that makes it relevant and "valid"... you could also turn around and then spam them with their personal page already setup "make sure your info is right"

Greg, if you look at facebook profiles, many users have personal information posted, like emails and such. At one point, it wasn't hard to write a basic bot to go out and look at your friend's friends, and then their friends, and so on, basically scanning your way through the entire facebook roster over time.

However, in the last 5 or 6 months, facebooks has become much more strict about restricting access to user profiles without permission of the user. As a result, a program that use to work harvesting this information would now generate huge numbers of error messages.

If someone attempted to circumvent these blocks (by faking the request headers or otherwise spoofing the system) they would certainly be crossing the line.

I don't have any exact information on what was involved here, but I have to say that I am NOT impressed.

Yes Alex, I'm in agreement there too however the information I was referring to was their personal data that's not public from passwords to other data. I don't put all my data on Facebook either. It really depends on a case by case basis regarding what each person felt was the thing to hide.