Facebook users open to ID theft, security firm warns

16 Aug 07

Research by Sophos found that more than two in five people were prepared to divulge personal information such as email addresses, birthdays and phone numbers, with some even posting their entire CV online.

People can reveal as much or as little about themselves as they like on the popular website, and only ‘friends’ of a user can see their profile. However, the research suggests many are prepared to become 'friends' with people they know nothing about.

As part of the Sophos survey, a profile was set up for a green plastic frog named Freddi. Forty-one per cent of users contacted confirmed Freddi as a friend, giving him access to their personal data.

"Freddi may look like a happy green frog that just wants to be friends, but actually he's happy because he's just encouraged 82 users to hand over their personal details on a plate," said Graham Cluley, senior technology consultant at Sophos.

"While accepting friend requests is unlikely to result directly in theft, it is an enabler, giving cybercriminals many of the building blocks they need to spoof identities, to gain access to online user accounts, or potentially, to infiltrate their employers' computer networks."

Cluley also said it was worrying that it was so easy to collect the data.

“He now has enough information to create phishing emails or malware specifically targeted at individual users or businesses, to guess users' passwords, impersonate them or even stalk them," he said.

On Monday it was reported that a secret code from the website had been leaked online, potentially giving hackers access to users’ details. But a Facebook spokesperson said: "It was not a security breach and did not compromise user data in any way."

Get the latest stories first with info4security's newsletters: Click to signup

Post and bookmark this story at the following sites:

What is this?

del.icio.us	Digg	Reddit	Google	Newsvine