Facebook's security policies are once again under scrutiny as Sophos research has revealed that members are unwittingly exposing their personal details on a mass scale to millions of strangers, putting themselves at risk of identity theft.
Sophos took a random snapshot of 200 users in the London Facebook network, which is the single largest geographic network on the site, with more than 1,2-million members, and found that a staggering 75% allow their profiles to be viewed by any other member regardless of whether they agreed to be friends.
Sophos has seen evidence that Facebook users in other geographic regions are similarly exposing personal information to complete strangers, and notes that the scale of these member networks (Toronto has more than 866 000 members, Vancouver more than 476 000, New York more than 421 000) indicates how enticing this social networking site can be for cyber-criminals.
Worryingly for businesses, 25% of London members reveal information relating to their work – details that could potentially be used by cyber criminals in their attempts to commit corporate ID fraud or to infiltrate company networks.
Facebook is made up of thousands of networks worldwide, and users are encouraged to join them in order to meet and make friends with people in their area. Even if you have previously set up your privacy settings to ensure that only friends can view your information, joining a network automatically opens your profile to every other member of the network.
Sophos experts note that this is a worrying situation, particularly given the growing popularity of these networks. For instance, in May 2007, there were just 375 000 Facebook members in the London network, a three-fold increase in just four months means that an unprecedented amount of personal and corporate information is now available for strangers to view.
"While Facebook's privacy features are far more sophisticated than competing social networking sites, too many members still aren't getting the message about how to use them effectively to help protect against ID theft,” says Brett Myroff, CEO of master Sophos distributor, NetXactics.
Facebook has ultimately put these privacy options in place as a protective measure. Sophos believes that perhaps it's time for the networking phenomenon to take the next step and change its default settings so that when members join a network, they have to actively click to leave their details on show, rather than automatically letting it all hang out online.
The research further highlights that 54% of users in the London network show their full date of birth – vital information for cyber criminals wishing to commit identity fraud. One percent, which makes a worrying 12 000 people, are divulging their phone number to over a million strangers.
While smaller networks may not pose as great a threat as the massive London circle, each one – whether regional, work or college related – presents a significant risk to members that fail to check and amend their privacy settings.
"The Facebook network issue almost amounts to identity-on-demand for cyber criminals, who are fully capable of taking advantage of unwitting Facebook fans. It's crucial that users take a few minutes to look at their privacy settings before getting caught up in the undisputed fun of Facebook," Myroff adds.
Recently, Sophos published research showing that 41% of Facebook users were prepared to divulge personal information to a complete stranger (a small plastic frog called Freddi Staur – an anagram of "ID Fraudster").