Constantly embroiled in some sort of privacy battle, Facebook is now investigating what could have been a data breach or at least a misuse of information collected through third-party apps. As revealed by a Bulgarian blogger, a website was found selling more than a million data entries of Facebook users for only $5.

Bogomil Shopov, a digital rights activist, wrote that the entries included information like users’ names, Facebook URLs and email addresses, which he verified were valid.

Bulgarian Blogger Purchases 1.1 Million Facebook Names, URLs and Emails for $5

Files of Facebook user information purchased by Shopov for $5 U.S. (Image: Bogomil Shopov)

In a separate post, Shopov wrote that Facebook contacted him after this revelation, thanking him for showing this issue. Perhaps only Facebook wants to be able to sell its own users’ information.

Here’s some of what Facebook said during their conversation, according to Shopov:

“Now we would like you to send us this file, delete it, tell us if you have given a copy of it to someone, give us the website from which you bought it including all transactions with it and the payment system and remove a couple of things from your blog. Oh and by the way, you are not allowed to disclose any part of this conversation; it is a secret that we are even having this conversation”.

He wrote that he agreed to send them the website, as it was his original purpose in pointing out this information being sold at a cheap price. He asked what Facebook’s plans were next and was told the company would be conducting an internal investigation.

Forbes Andy Greenberg contacted Shopov who said he made sure this information, which Greenberg specified came from the site Gigbucks, wasn’t just gleaned from public Facebook profiles. The profiles included in the list had users who protected contact information under some security levels on the site. Shopov went on to tell Greenberg he hopes his findings result in an increase in security on Facebook’s part, specifically for the information given when allowing third-party apps.

Searching Gigbucks for “Facebook database” revealed that there are two other entries attempting to sell Facebook user information as well, although this information has not been verified as legitimate.

“Anyone can grab your data,” Shopov said, according to Greenberg. “Users click ‘I agree’ or ‘I accept,” and their information goes off to the application developer, who can do whatever they want with it.”

Facebook told Greenberg it is not at liberty to discuss the investigation in detail.

(H/T: Gizmodo)