Facebook: The Privacy Challenge

Facebook has over a billion active users and a reported 700,000 new people joining the social networking website every day. But how carefully do Facebook users consider their online privacy?

With Facebook's settings changing so frequently, users are increasingly frustrated (and confused) about their privacy. In a Naked Security poll, 93% of Facebook users said they would prefer Facebook's privacy options to be opt-in rather than opt-out. That said, we found that:

  • 46% of Facebook users accepted friend requests from strangers
  • 89% of users in their 20s divulged their full birthday
  • Nearly 100% of users post their email address
  • Between 30% and 40% of users list data about their family and friends

Identity thieves can use this information to commit crimes against individuals and their companies. Read our tips for better security on Facebook to secure your personal data and avoid identity theft.

The danger of Facebook identity theft

In late 2009, Sophos conducted an experiment to see how easy it can be to steal vital personal data from Facebook users. By creating two fake Facebook accounts and randomly friending users, we found that 46% of users accepted our friend requests, giving us access to a wealth of information.

Of the friended users in their 20s, 89% divulged their full birthdate on their profile. Almost all users posted their email address, and about half listed their town of residence. In the hands of an identity thief, this valuable information can be easily exploited.

We conducted this experiment to determine if Facebook users had become more privacy-savvy. In 2007, 41% of users divulged their sensitive personal information to a complete stranger. Our fake Facebook accounts had access to information that can help criminals guess someone's password or even impersonate them.

What can Facebook users do to protect themselves?

Facebook's privacy features generally go far beyond those of many competing social networking sites, but many users simply aren't choosing their privacy options carefully, or haven't learned how to behave safely online. Our Facebook Best Practices on security can help you reduce the risk of having your identity stolen.

Facebook, employee productivity and your company

Home users are not the only ones at risk. Businesses and other organizations can be the victims of a targeted attack by cybercriminals who are using stolen employee information to their advantage.

A Sophos poll revealed that 50% of employees are blocked from accessing Facebook at work, not just because of privacy concerns, but also due to fears that workplace productivity may be hit.

Companies are also concerned that employees may be writing material on Facebook, or publishing photographs and videos, which could cast their business in an embarrassing light.

Although sites like Facebook can be used for legitimate business purposes, we believe IT administrators should be given the power to decide whether access is appropriate for their company.

Sophos are experts at helping organizations secure and control their users, and Sophos Web Appliances can be used to set policies to control which websites are accessible, as well as blocking malicious phishing and virus-infected webpages.

Disclaimer: The security advice provided on this page is not endorsed by Facebook and is solely the property of Sophos.