Internet users' personal information may be at risk – and is perhaps best kept off the Internet – with the news that Facebook contains a flaw that could have allowed hackers to access sensitive profile information about any of the site's more than 200-million users.
Sophos notes that this data, which includes date of birth, home town, gender, family members, relationship status and political and religious views, could then have been used to commit ID fraud.
The creators of blog FBHive.com discovered a simple hack that would show everything listed in a Facebook member's "Basic Information" panel, even if this information had been hidden by the user with the website's security settings. Using the security hole, FBHive was able to access personal information about Facebook CEO Mark Zuckerberg, Digg Founder Kevin Rose, and famous blogger Cory Doctorow.
The vulnerability has now been fixed by Facebook, but it is unknown if hackers have been using information exposed by the security flaw for criminal ends.
"While Facebook has fixed this loophole, it is disturbing that the vulnerability was there in the first place – as millions of Facebook users could potentially have been in danger of having information snatched which they believed to have been secured," says Brett Myroff, CEO of regional Sophos distributor, Sophos South Africa.
"This isn't the first time that Facebook has found itself in the spotlight for not properly securing users' information. Last month, a security loophole was found that could have allowed identity thieves and spammers to gather users' personal email addresses. If users really want to be secure on social networks they shouldn't rely on the website keeping their data safe and sound – maybe it's better not to upload any personal information in the first place," Myroff adds.