Facebook has nearly 500 million active users and a reported 700,000 new people joining the social networking website every day. But how carefully do Facebook users consider their online privacy?
With Facebook settings changing ever-frequently, users are increasingly frustrated (and confused) about their privacy. In a recent poll, 93% of Facebook users would prefer Facebook's privacy options to be opt-in rather than opt-out. That said, a few months prior, we found that:
- 46% of Facebook users accepted friend requests from strangers
- 89% of users in their 20s divulged their full birthday
- Nearly 100% of users post their email address
- Between 30-40% of users list data about their family and friends
Identity thieves can use this information to commit crimes against individuals and their companies. Read our tips for better security on Facebook to secure your personal data and avoid identity theft.
Please enable flash and javascript for the player to work
00:06:15 - 11 Jan 2011
Download the podcast
Paul Ducklin of Sophos Australia discusses Facebook safety and privacy
From this month's Patch Tuesday to the big Vodafone Australia data leak, Paul Ducklin of Sophos Australia joins Chet this week to round up the major security news of the week.
The danger of Facebook identity theft
In late 2009, Sophos conducted an experiment to see how easy it can be to steal vital personal data from Facebook users. By creating two fake Facebook accounts and randomly friending users, we found that 46% of users accepted our friend requests, giving us access to a wealth of information.
Of the friended users in their 20s, 89% divulged their full birthdate on their profile. Almost all users posted their email address, and about half listed their town of residence. In the hands of an identity thief, this valuable information can be easily exploited.
We conducted this experiment to determine if Facebook users had become more privacy-savvy in the two years sinceour first Facebook experiment in 2007. At that time, 41% of users divulged their sensitive personal information to a complete stranger. Our fake Facebook accounts had access to information that can help criminals guess someone's password or even impersonate them.
What can Facebook users do to protect themselves?
Facebook's privacy features generally go far beyond those of many competing social networking sites, but many users simply aren't choosing their privacy options carefully, or haven't learned how to behave safely online. Our Facebook Best Practices on security can help you reduce the risk of having your identity stolen.
Please enable flash and javascript for the player to work
00:12:51 - 14 Aug 2007
Download the podcast
Facebook and identity theft
Graham Cluley, Senior Technology Consultant at Sophos, discusses the phenomenon of social networking website Facebook, revealing the results of Sophos's Facebook experiment, and advises Facebook enthusiasts on how to properly secure their profiles.
Facebook, employee productivity and your company
Home users are not the only ones at risk. Businesses and other organizations can be the victims of a targeted attack by cybercriminals who are using stolen employee information to their advantage.
A Sophos poll revealed that 50% of employees are blocked from accessing Facebook at work, not just because of privacy concerns, but also due to fears that workplace productivity may be hit.
Companies are also concerned that employees may be writing material on Facebook, or publishing photographs and videos, which could cast their business in an embarrassing light.
Although sites like Facebook can be used for legitimate business purposes, we believe IT administrators should be given the power to decide whether access is appropriate for their company.
Sophos are experts at helping organizations secure and control their users, and Sophos Web Appliances can be used to set policies to control which websites are accessible, as well as blocking malicious phishing and virus-infected webpages.
Disclaimer: The security advice provided on this page is not endorsed by Facebook and is solely the property of Sophos.