IT security and control firm Sophos is urging Facebook to
improve its default privacy settings following new research that
revealed members are unwittingly exposing their personal details on
a mass scale to millions of strangers, putting themselves at risk
of identity theft.
Sophos took a random snapshot of 200 users in the London
Facebook network, which is the single largest geographic network on
the site, with more than 1.2 million members, and found that a
staggering 75 percent allow their profiles to be viewed by any
other member, regardless of whether or not they have agreed to be
friends. Sophos has seen evidence that Facebook users in other
geographic regions are similarly exposing personal information to
complete strangers, and notes that the size of some regional networks
(Toronto has more than 866,000 members, Vancouver more than 476,000,
New York more than 421,000) indicates how enticing this social
networking site can be for cybercriminals.
Joining a Facebook network can expose your
information to hundreds of thousands of strangers.
Facebook is made up of thousands of networks worldwide, and
users are encouraged to join them in order to meet and make friends
with people in their area. Even if you have previously set up your
privacy settings to ensure that only friends can view your
information, joining a network automatically opens your profile to
every other member of the network. Sophos experts note that this is
a worrying situation, particularly given the growing popularity of
these networks. For instance, in May 2007, there were just 375,000
Facebook members in the London network; a three-fold increase in
just four months means that an unprecedented amount of personal and
corporate information is now available for strangers to view.
"I was flabbergasted when I joined a network on Facebook using a
profile which I thought was secure, only to find Facebook had
changed a number of settings and was opening me up to millions of
strangers," said Graham Cluley, senior
technology consultant at Sophos. "Who was to say that
cybercriminals weren't in that network too? Is it right that
Facebook works this way?"
Facebook changes users' privacy settings to
reveal their profiles to strangers when they join a regional
network.
Worryingly for businesses, 25 percent, which could equate to as
many as 300,000 users in the London network, revealed information
relating to their work - details that could potentially be used by
cybercriminals in their attempts to commit corporate ID fraud or to
infiltrate company networks.
"While Facebook's privacy features are far more sophisticated
than competing social networking sites, too many members still
aren't getting the message about how to use them effectively to
help protect against ID theft," continued Cluley. "Facebook has
ultimately put these privacy options in place to protect its flock
so perhaps it's time for the networking phenomenon to take the next
step and change its default settings so that when members join a
network, they have to actively click to leave their details on
show, rather than automatically letting it all hang out
online."
The research further highlights that 54 percent of users in the
London network show their full date of birth, vital information for
cybercriminals wishing to commit identity fraud. One percent, which
equates to 12,000 people, are divulging their phone number to over
a million strangers. While smaller networks may not pose as great a
threat as the massive London circle, each one - whether regional,
work or college related - presents a significant risk to members
that fail to check and amend their privacy settings.
"The Facebook network issue almost amounts to identity-on-demand
for cybercriminals, who are fully capable of taking advantage of
unwitting Facebook fans. It's crucial that users take a few minutes
to look at their privacy settings before getting caught up in the
undisputed fun of Facebook," concluded Cluley.
Recently, Sophos published research showing that 41 percent of
Facebook users were prepared to divulge personal information to
a complete stranger (a small plastic frog called Freddi Staur - an
anagram of 'ID Fraudster').
Sophos recommends companies protect themselves with a consolidated solution which can control network access
and defend against the threats of spam, hackers, spyware and
viruses.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.